Malware Analysis Report

2024-10-18 22:06

Sample ID 240611-sspf2a1gnh
Target FakeActivation.zip
SHA256 7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984
Tags bootkit, discovery, persistence
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984

Threat Level: Shows suspicious behavior

The file FakeActivation.zip was found to show suspicious behavior.

Malicious Activity Summary

bootkit discovery persistence

Executes dropped EXE

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

NTFS ADS

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious behavior: MapViewOfSection

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-11 15:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 15:23

Reported 2024-06-11 15:35

Platform win10-20240404-en

Max time kernel 694s

Max time network 688s

Command Line

"C:\Users\Admin\AppData\Local\Temp\[email protected]"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
File created C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\INF\netrasa.PNF \??\c:\windows\system32\svchost.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\4272278488\2581520266.pri C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\INF\netsstpa.PNF \??\c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Windows\system32\svchost.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{976432A9-04AA-4B71-80DE-D408A4CF0970} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f7a525a414bcda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{415C7CEF-F8AD-4C18-A1EC-FE2EDB39232F} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{EE3CFD07-D4FF-4D50-AE34-332D7DF02CE0} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 82e4cfbc14bcda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Windows\SysWOW64\control.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\MEMZ.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeShutdownPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeCreatePagefilePrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: 33 N/A C:\Windows\system32\Speech\SpeechUX\SpeechUXWiz.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\Speech\SpeechUX\SpeechUXWiz.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Uninstall.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1768 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
PID 1768 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
PID 2616 wrote to memory of 4556 N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
PID 2616 wrote to memory of 4556 N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
PID 2616 wrote to memory of 4556 N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
PID 1772 wrote to memory of 4912 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4912 wrote to memory of 1052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4912 wrote to memory of 1052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4912 wrote to memory of 4208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\[email protected]

"C:\Users\Admin\AppData\Local\Temp\[email protected]"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe" "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe

"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe" end

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.0.421375641\1742135201" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b444f6be-def8-42c6-9138-bf248f02bb58} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 1828 29f8a1d5358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.1.1722765182\1779663181" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8ceba36-d12e-4a90-9a7e-0cf096ffb02f} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 2184 29f8a1aeb58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.2.2120995052\327944328" -childID 1 -isForBrowser -prefsHandle 2764 -prefMapHandle 2776 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4680794a-bd42-42f3-9c67-6f703b537060} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 2760 29f8a15ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.3.315143362\932186378" -childID 2 -isForBrowser -prefsHandle 2768 -prefMapHandle 3432 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05eb22d9-87e4-4372-9895-76f4cb7e27f2} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 3484 29ffee66858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.4.1033068604\753315456" -childID 3 -isForBrowser -prefsHandle 3856 -prefMapHandle 3852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e575878-dd7a-4a6a-b404-499f3dee2338} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 3872 29f8f543958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.5.856365399\556600148" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4876 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46ff734d-5bb2-45cc-b281-ab338955bf3c} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 4888 29f908ee358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.6.1215387722\1567007870" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09993376-0031-4e2a-82f4-257240e3ce14} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 5008 29f908efb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.7.155692162\529231728" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00919f7a-b134-443f-8a72-d1df3ecf3c78} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 5208 29f908ecb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.8.2019552525\1871191409" -childID 7 -isForBrowser -prefsHandle 4700 -prefMapHandle 3220 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d0e0f90-fe75-4456-ba7f-3479057b0c85} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 3236 29f91d3f158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.9.1549950828\249230110" -childID 8 -isForBrowser -prefsHandle 5628 -prefMapHandle 1612 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9174bc5a-e6e7-4eae-8594-2f27031943e8} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 4700 29f9295ae58 tab

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3c8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\SystemSettingsBroker.exe

C:\Windows\System32\SystemSettingsBroker.exe -Embedding

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservice -s SstpSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s RasMan

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\Speech\Common\sapisvr.exe

"C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX

C:\Windows\system32\Speech\SpeechUX\SpeechUXWiz.exe

"C:\Windows\system32\Speech\SpeechUX\SpeechUXWiz.exe" UserEnrollment,en-US,HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{B9DE3ED6-BDDF-42E8-B88A-53FB3F92D8F1},65552,0,""

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding
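
The process list above pairs each image path with the command line that started it. Two things in it are worth pulling out mechanically rather than by eye: executables running from a subtree of C:\Windows that a stock image does not ship (the dropped installer lives in C:\Windows\Free Youtube Downloader\...), and pairs where the command line names System32 but the image that actually ran is in SysWOW64, which is the WOW64 file-system redirector at work and tells you the parent process was 32-bit. The script below is an added example written for this page, not part of the sandbox report; the allow-list of first-level C:\Windows directories is an assumption for the example and should be rebuilt from a clean baseline before use.

```python
"""Triage of the report's process list (added example).
Flags executables launched from an unexpected subtree of C:\\Windows and
detects WOW64 file-system redirection between command line and image path."""
from pathlib import PureWindowsPath

# (image path, command line) pairs copied from the process list above.
PROCESSES = [
    (r"C:\Windows\SysWOW64\DllHost.exe",
     r"C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}"),
    (r"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe",
     r'"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" '
     r"-ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca"),
    (r"C:\Windows\system32\browser_broker.exe", r"C:\Windows\system32\browser_broker.exe -Embedding"),
    (r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe",
     r'"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"'),
    (r"C:\Windows\SysWOW64\notepad.exe", r'"C:\Windows\System32\notepad.exe"'),
    (r"C:\Windows\Speech\Common\sapisvr.exe", r'"C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX'),
    (r"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe",
     r'"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"'),
    (r"C:\Windows\splwow64.exe", r"C:\Windows\splwow64.exe 12288"),
    (r"C:\Windows\SysWOW64\calc.exe", r'"C:\Windows\System32\calc.exe"'),
    (r"C:\Windows\system32\OpenWith.exe", r"C:\Windows\system32\OpenWith.exe -Embedding"),
]

# First-level directories under C:\Windows that hold Microsoft-shipped executables on a
# stock Windows 10 image. ASSUMPTION for this example: derive your own from a clean host.
EXPECTED_SUBTREES = {
    "system32", "syswow64", "systemapps", "winsxs", "speech",
    "microsoft.net", "servicing", "immersivecontrolpanel",
}


def image_from_cmdline(cmdline: str) -> str:
    """Return the executable path the command line names (its argv[0])."""
    s = cmdline.strip()
    if s.startswith('"'):
        return s[1:s.index('"', 1)]
    return s.split(" ", 1)[0]


def unexpected_windows_subtree(image: str) -> bool:
    """True for an executable under C:\\Windows\\<dir>\\... where <dir> is not allow-listed."""
    parts = [p.lower() for p in PureWindowsPath(image).parts]
    if len(parts) < 3 or parts[0] != "c:\\" or parts[1] != "windows":
        return False
    if len(parts) == 3:  # file sits directly in C:\Windows (e.g. splwow64.exe): normal
        return False
    return parts[2] not in EXPECTED_SUBTREES


def wow64_redirected(image: str, cmdline: str) -> bool:
    """True when the command line asked for System32 but the image that ran is in SysWOW64:
    the file-system redirector rewrote the path, so the creating process was 32-bit."""
    asked = PureWindowsPath(image_from_cmdline(cmdline))
    ran = PureWindowsPath(image)
    return (asked.name.lower() == ran.name.lower()
            and "system32" in [p.lower() for p in asked.parts]
            and "syswow64" in [p.lower() for p in ran.parts])


def triage(processes):
    """Unique image paths in each category, sorted for stable output."""
    return {
        "unexpected_windows_subtree": sorted({img for img, _ in processes if unexpected_windows_subtree(img)}),
        "wow64_redirected": sorted({img for img, cmd in processes if wow64_redirected(img, cmd)}),
    }


if __name__ == "__main__":
    for category, images in triage(PROCESSES).items():
        print(category)
        for img in images:
            print("   ", img)
```

The image path, not the command line, is the ground truth for what executed; the redirected notepad.exe and calc.exe entries are how that shows up in the data. Extend PROCESSES with the rest of the list (or feed it Sysmon event 1 Image/CommandLine pairs) to run the same checks on a real host.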

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
N/A 127.0.0.1:49936 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
N/A 127.0.0.1:49943 tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 44.232.194.163:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 163.194.232.44.in-addr.arpa udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 answers.microsoft.com udp
DE 184.30.223.105:80 answers.microsoft.com tcp
DE 184.30.223.105:80 answers.microsoft.com tcp
DE 184.30.223.105:443 answers.microsoft.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.138:443 login.microsoftonline.com tcp
NL 40.126.32.138:443 login.microsoftonline.com tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 152.199.21.175:443 aadcdn.msftauth.net tcp
US 152.199.21.175:443 aadcdn.msftauth.net tcp
US 8.8.8.8:53 105.223.30.184.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
NL 40.126.32.138:443 login.microsoftonline.com tcp
NL 40.126.32.138:443 login.microsoftonline.com tcp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 21.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 csp.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
SE 23.34.233.128:443 www.microsoft.com tcp
SE 23.34.233.128:443 www.microsoft.com tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.253.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.253.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 209.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 answersstaticfilecdnv2.azureedge.net udp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
DE 184.30.223.105:443 answers.microsoft.com tcp
DE 184.30.223.105:443 answers.microsoft.com tcp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
NL 20.50.201.200:443 browser.events.data.microsoft.com tcp
NL 20.50.201.200:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 200.201.50.20.in-addr.arpa udp
US 8.8.8.8:53 consentreceiverfd-prod.azurefd.net udp
US 13.107.246.64:443 consentreceiverfd-prod.azurefd.net tcp
US 13.107.246.64:443 consentreceiverfd-prod.azurefd.net tcp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
SE 2.21.96.112:443 assets.msn.com tcp
SE 2.21.96.112:443 assets.msn.com tcp
SE 2.21.96.112:443 assets.msn.com tcp
SE 2.21.96.112:443 assets.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 204.79.197.203:443 www.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 20.189.173.16:443 browser.events.data.msn.com tcp
US 20.189.173.16:443 browser.events.data.msn.com tcp
US 20.189.173.16:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 112.96.21.2.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:443 pcoptimizerpro.com tcp
US 8.8.8.8:53 124.8.63.50.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.pcoptimizerpro.com udp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 8.8.8.8:53 www.jqueryscript.net udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 172.67.75.171:443 www.jqueryscript.net tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 cdn.jquery.app udp
US 104.21.66.214:443 cdn.jquery.app tcp
US 104.21.66.214:443 cdn.jquery.app tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 www.clarity.ms udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 95.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 171.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 214.66.21.104.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.hotjar.com udp
DE 18.66.102.11:443 static.hotjar.com tcp
DE 18.66.102.11:443 static.hotjar.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 50.63.8.124:443 www.pcoptimizerpro.com tcp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 11.102.66.18.in-addr.arpa udp
US 8.8.8.8:53 190.178.204.143.in-addr.arpa udp
US 8.8.8.8:53 156.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 64.39.245.18.in-addr.arpa udp
US 8.8.8.8:53 script.hotjar.com udp
DE 13.32.27.21:443 script.hotjar.com tcp
DE 13.32.27.21:443 script.hotjar.com tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 68.219.88.97:443 c.clarity.ms tcp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 21.27.32.13.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 www.google.co.ck udp
GB 216.58.213.3:80 www.google.co.ck tcp
GB 216.58.213.3:80 www.google.co.ck tcp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
GB 216.58.213.3:443 www.google.co.ck tcp
US 8.8.8.8:53 consent.google.co.ck udp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
US 8.8.8.8:53 225.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 13.89.179.12:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 12.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.171:443 www.bing.com tcp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 233.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 softonic.com udp
US 199.232.213.91:80 softonic.com tcp
US 199.232.213.91:80 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 8.8.8.8:53 91.213.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.softonic.com udp
US 151.101.1.91:443 www.softonic.com tcp
US 151.101.1.91:443 www.softonic.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 151.101.1.91:443 en.softonic.com tcp
US 151.101.1.91:443 en.softonic.com tcp
US 8.8.8.8:53 assets.sftcdn.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 images.sftcdn.net udp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 8.8.8.8:53 articles-img.sftcdn.net udp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
NL 23.62.61.147:443 articles-img.sftcdn.net tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 8.8.8.8:53 93.82.68.104.in-addr.arpa udp
US 8.8.8.8:53 147.61.62.23.in-addr.arpa udp
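
The Network table above mixes three kinds of rows: DNS queries to the sandbox resolver (8.8.8.8:53, including the reverse in-addr.arpa / ip6.arpa lookups it issues for every address it sees), background traffic from the image's own Firefox and Edge (Mozilla services, Microsoft telemetry and CDNs), and the connections that can actually be tied to what the sample and the user session did. The script below is an added example for this page, not part of the sandbox report. It parses the table's rows (including the 3-field loopback row that carries no domain), drops reverse lookups, suppresses a suffix list of browser/OS background domains, and then separates names that were only resolved from names that were connected to, flagging cleartext HTTP along the way. The background suffix list is an assumption for the example; build yours from a clean detonation of the same image.

```python
"""Triage of the report's Network table (added example)."""
from collections import defaultdict

# A subset of rows copied from the Network table above.
SAMPLE_ROWS = """\
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
N/A 127.0.0.1:49936 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:443 pcoptimizerpro.com tcp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 softonic.com udp
US 199.232.213.91:80 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
"""

# Domains the sandbox's own browsers and OS contact regardless of the sample.
# ASSUMPTION for this example: derive the real list from a clean run of the same image.
BACKGROUND_SUFFIXES = (
    ".mozilla.com", ".mozilla.net", ".mozaws.net", ".mozgcp.net",
    ".microsoft.com", ".msftauth.net", ".msauth.net", ".azureedge.net",
    ".azurefd.net", ".msn.com", ".bing.com", ".clarity.ms", ".gfx.ms", ".lencr.org",
)


def parse_row(line):
    """Country, destination ip:port, optional domain, protocol."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        return None
    return {"country": country, "dest": dest, "domain": domain, "proto": proto}


def port_of(dest):
    return int(dest.rsplit(":", 1)[1])


def triage(text):
    endpoints = defaultdict(set)  # domain -> {"ip:port/proto", ...}
    queried, background, no_domain = set(), set(), set()
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        dest, proto, domain = row["dest"], row["proto"], row["domain"]
        if domain is None:
            no_domain.add(f"{dest}/{proto}")
        elif domain.endswith((".in-addr.arpa", ".ip6.arpa")):
            pass  # reverse lookups issued by the resolver stub, not by the sample
        elif domain.endswith(BACKGROUND_SUFFIXES):
            background.add(domain)
        elif proto == "udp" and port_of(dest) == 53:
            queried.add(domain)  # a DNS lookup: the destination is the resolver
        else:
            endpoints[domain].add(f"{dest}/{proto}")
    cleartext = [d for d, eps in endpoints.items()
                 if any(port_of(e.split("/")[0]) == 80 for e in eps)]
    return {
        "endpoints": {d: sorted(eps) for d, eps in sorted(endpoints.items())},
        "cleartext_http": sorted(cleartext),
        "dns_only": sorted(queried - set(endpoints)),  # resolved but never connected to
        "background": sorted(background),
        "no_domain": sorted(no_domain),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS).items():
        print(key, value)
```

Names in dns_only (looked up but never connected to, such as play.clubpenguin.com in the subset) are worth a manual check, since a lookup with no follow-up connection often means NXDOMAIN or a sinkholed name. Whatever survives the background filter is the list to review by hand; the filter only removes what the sandbox image produces on its own, it does not vouch for the remainder.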

Files

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

MD5 f33a4e991a11baf336a2324f700d874d
SHA1 9da1891a164f2fc0a88d0de1ba397585b455b0f4
SHA256 a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
SHA512 edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

memory/1768-26-0x0000000000400000-0x000000000043C000-memory.dmp

memory/3012-27-0x00007FFFE5A23000-0x00007FFFE5A24000-memory.dmp

memory/3012-28-0x00000231EBF80000-0x00000231EBFAE000-memory.dmp

memory/3012-29-0x00007FFFE5A20000-0x00007FFFE640C000-memory.dmp

memory/3012-30-0x00007FFFE5A20000-0x00007FFFE640C000-memory.dmp

memory/3012-33-0x00007FFFE5A20000-0x00007FFFE640C000-memory.dmp

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5 1bb4dd43a8aebc8f3b53acd05e31d5b5
SHA1 54cd1a4a505b301df636903b2293d995d560887e
SHA256 a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02
SHA512 94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

memory/1016-36-0x0000000000FD0000-0x0000000001044000-memory.dmp

memory/1016-37-0x0000000005DB0000-0x00000000062AE000-memory.dmp

memory/1016-38-0x00000000058B0000-0x0000000005942000-memory.dmp

memory/1016-39-0x0000000005950000-0x000000000595A000-memory.dmp

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe

MD5 ab648a0df4fe7a47fe9d980c545b065d
SHA1 ce28ea7dd117289daf467467a592bc304c72d4e6
SHA256 905a849721ec95ab08754aeee9a60b3ed435d36962466fcbe5cfca63dfc455cd
SHA512 7ae99da55fbf1c31c5281e5f4e10ab2bc33b89effeee82b574eb4b60541c5ea2913d5d99836608873da372c78e75436ae7e535568f48d81cb9dd26d2cc1b3a8c

memory/2616-47-0x0000000000400000-0x0000000000423000-memory.dmp

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini

MD5 c92a1d4d0755c886dd137c6cab43c35e
SHA1 fc16175e58ad1f67c57e7fdf55333fdd0e01d936
SHA256 6ab1ee65e6c9c5e31fe3680fc92a2a0ae73f216e966f5582a2d9c265357238d4
SHA512 0525880a1f4cc7dd912ca4006fe4bd02bf1218931fcb56489a0ec728a682fdf1ecd35e8797c665c63dc19d8236942d9b832a6a8c46e00df02afa2c65327dd9de

C:\Users\Admin\Desktop\Free Youtube Downloader.lnk

MD5 882c6e1ee782e921cccb8c699eb26a90
SHA1 303d08c4f3455ab2a62fe4ab4686bff06acb5c00
SHA256 4c11bd26f55c3f667d520fa52649f6042e8d072676020f4fb7c70ea49a233aba
SHA512 dab61f0d9d437f63efe99a53e9a2f83638b73a22798da4dcad6ac9788d365306ebaa3ad3accb7e2a6085c5f13582d09b675023d1d3d7f7e35e925dac2357a609

memory/4556-160-0x0000000000400000-0x0000000000423000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\93ecbd7c-67df-432d-b313-7c4658d1ad66

MD5 6226cfe67c5ca79cd1e9f5f32d54e587
SHA1 59805ea585a6e0b8985dfcb06d349e9b7877b6c5
SHA256 caaad8b73943365a429eff39c261620db6e29fd95403738dc27ab540c68cdd8c
SHA512 54467e6a0e9c719500b62b45387f8fcc6c73f976e01389366d91f3bfa4e846748cf7d88be8af54788bdf44a8acfcb39245c0741ed6386c80ad3ec2115290c589

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\df39960d-59ed-4dad-90e3-79a6376c54c1

MD5 0cfd20d63c3f278271cd22052d4da776
SHA1 e77b22a85b502926c87da5557b437270123fb0d7
SHA256 4b0707979c233615e2edc7f5a68056e9e5e18676a0058d8d9656055ed52bc0cc
SHA512 a042081b60d36055e6f64c125daa0b921d015a00314a5a4574d64ce101be862f5c9acd9575f8ab2202f6b4f72cda6b895c931fc610c709f103db060347da0ade

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

MD5 053f6e158b092d6401ad0b8a112e8a1f
SHA1 bedb4037b906b78aadc787b15d76b6558552aaef
SHA256 ed04b7fbe6735dbc1b5ef3420e849ee93fb8900b84aa83db1a8e6ea4c811f3b0
SHA512 6e57dc5baa60a61d93298c23e7d44c8165d68d62d1913b8a5ab010c229ef42d959dc10d736a11d9b3c738ec8791d196ad14b916cd0e58ec6bd4bced2b09d05b5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 0ed2663971e8051b2bcb574926400fa8
SHA1 467756bf41c377bdb07c8be10d5391f1df1d80a7
SHA256 0c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c
SHA512 e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

MD5 e47881cc860d03c1725a51abfff28c7d
SHA1 a70882129652804bb4649b1bb8f3dc10a9fc2fb1
SHA256 a0fa37599a77dc241546b47f90b72fd01d61cf6cdb9f38b25d71f7090ad8010b
SHA512 1c0fb2b3a8f11d81ff3a301568c4da1aaa145242728001480794eac348465d18879e1d97cdcbbb3dd15fa1dc32096c0b047de87f77806d847d070ec0fd564629

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 520e436c3a8ff64ede3767c19a96e154
SHA1 33895a23833102547208d7cbbb99d78c743f620c
SHA256 a1d5cef544eac314c146ed64be3047bf49f2d728cb54a20174ed786232696d09
SHA512 7543c9ff218ce03f1312495f43d6f07691e1ce66d84bffa49d6c480b77769df6ef41d4d92ce770e29d5315745f3f84cac10e82e27f4deedbc5a90b4eb141c679

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

MD5 bb6d42697b3e5513380e5abcf088a882
SHA1 ba7394ed1db7803b412110f6e9bbb29d9abb99cc
SHA256 d95682ca96db91bf93765c4ecea50fa243ad768a1095b9ea929fe1c80a5e613a
SHA512 f7c95a8aa22f68a119feef31d79c66a6fd9da61be6e06fa4cada93acfb9841e96fa3b974b667fe14cc2460657ae964356c4bc19ccabbdbabbf9feabd985b88d0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0c30e8bc2f41f59d2d82521c770d1805
SHA1 6ac7e24af7248d9cf401843be3435e172440331c
SHA256 a1b0c577f4d31bb97fad930ee6e6e8e8bd2acae3d33e8c27a840fa7aef8a48a1
SHA512 96bae94a849bfb959d06e1935b96159f1ec8fb0085c01205198cda5effd624d706bfad1477bb423614d3f778e952bc4625949b8e7658672cde9516f9989b29c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6681a05a342c6bea9c670449943639bd
SHA1 7964aa1378f5aa5ae37d15427e697055dcfcb924
SHA256 97e063048f87df0a3ba4965f4312d12592c55248f2024c9f7d72cd21aa34f202
SHA512 d2f8c7ae3e6f8dfb4b79b100011d33995fd80344294e139fa8283ff6c27b105a4adefed553bf6afd030a09825012083cd49e9db1fb0580e2253ee692b36d5d82

C:\Users\Admin\Downloads\Yk-g4KVy.zip.part

MD5 69977a5d1c648976d47b69ea3aa8fcaa
SHA1 4630cc15000c0d3149350b9ecda6cfc8f402938a
SHA256 61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
SHA512 ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

MD5 3a1fd290c31688ddf6b008144423af32
SHA1 f5c1cec11b8c0c95ad69985f32a4eec4cab1f67b
SHA256 4010f482511c036e732be6ce3d30bf976e46a231e839c7466fa09592a210b807
SHA512 77ba76297cb84c3119ced9ee80c6efb08a7c5eaa7af9a997c03e22a562be831ed22c0a8201d344640b5169f6a82372ea9d585461ea180887cea5339dc439f654

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5a3697e4f72da4d938b9381acfa0ca0e
SHA1 1ec2abb9f25f85a96adff72dbb49503dd54cdb64
SHA256 e5248db832b6a12c3477cf419cb87791402eb9639d9bd56b6164130b109ac5ba
SHA512 12ceead63008ba3f5382b6737e8625f30f245a1cf202547ff49528efe7a7b50e4152c25c25d58f7bf3cf4e4585ba589ece53f13bd1cff996e22119d03544510a

C:\note.txt

MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri

MD5 b8da5aac926bbaec818b15f56bb5d7f6
SHA1 2b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5
SHA256 5be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086
SHA512 c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436

C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri

MD5 30ec43ce86e297c1ee42df6209f5b18f
SHA1 fe0a5ea6566502081cb23b2f0e91a3ab166aeed6
SHA256 8ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4
SHA512 19e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4

MD5 1aa39b8424b290e2df9e68a3d319ded8
SHA1 3e5d006bea8cf842dbfbc305a83fbbe367f1b259
SHA256 6a7b593fb6fc8e0d1199a9dea1f60332d1ee6718867270879be11fa95056e7fe
SHA512 d8de80b618bf82028bd5c4fc8b2c5b7e7a3bf630512c1953ba4fc870080cb80c411d3ce15595c327b47cf34896da448b4a41ea58792a7e737ae636cf9805ac0c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionCheckpoints.json

MD5 e6c20f53d6714067f2b49d0e9ba8030e
SHA1 f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA256 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

MD5 4791cb35401e54ee9422fd869ccedcb8
SHA1 a7b28a19a29b3fe62ca15f4f01fc45999af1bdff
SHA256 1cbf3a1edac5b03b6a98c268613d2c66b76a13cbdadf9b9703b09386b66ce5ed
SHA512 05c2675a05a34511dd312a6b53da78c5e7d731451e4c1ea8bab7600a48fc852f5ff6f0d4fe1b57e6b86c8defa974927ddab7093e8dfb6387cb8b12295ec30e1f

memory/3116-749-0x00000261D7620000-0x00000261D7630000-memory.dmp

memory/3116-766-0x00000261D7730000-0x00000261D7740000-memory.dmp

memory/3116-784-0x00000261D6740000-0x00000261D6742000-memory.dmp

memory/5764-792-0x00000200CFC40000-0x00000200CFD40000-memory.dmp

memory/5764-794-0x00000200CFC40000-0x00000200CFD40000-memory.dmp

memory/5772-805-0x000002128C200000-0x000002128C300000-memory.dmp

memory/5772-814-0x000002129C6E0000-0x000002129C6E2000-memory.dmp

memory/5772-812-0x000002129C620000-0x000002129C622000-memory.dmp

memory/5772-810-0x000002129C600000-0x000002129C602000-memory.dmp

memory/5772-832-0x000002128C200000-0x000002128C300000-memory.dmp

memory/5772-919-0x000002129FA80000-0x000002129FAA0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\V6FNNLLL\answers.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/5772-960-0x000002129FAA0000-0x000002129FAC0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\18J4QIHC\wcp-consent[1].js

MD5 5f524e20ce61f542125454baf867c47b
SHA1 7e9834fd30dcfd27532ce79165344a438c31d78b
SHA256 c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
SHA512 224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

memory/5772-986-0x000002129DEB0000-0x000002129DEB2000-memory.dmp

memory/5772-992-0x00000212A0CC0000-0x00000212A0CC2000-memory.dmp

memory/5772-996-0x00000212A0CE0000-0x00000212A0CE2000-memory.dmp

memory/5772-994-0x00000212A0CD0000-0x00000212A0CD2000-memory.dmp

memory/5772-998-0x00000212A0D10000-0x00000212A0D12000-memory.dmp

memory/5772-1014-0x00000212A1410000-0x00000212A1430000-memory.dmp

memory/5772-1037-0x00000212A1160000-0x00000212A1180000-memory.dmp

memory/5772-1128-0x000002128BDB0000-0x000002128BDC0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\65ES3H0J\favicon[1].ico

MD5 b939aee911231447cbd2e3ff044b3cce
SHA1 0f79060358bea92b93ded65860ffbc9ecae3dc14
SHA256 f35fe126f90cecbb6addd79308e296e8409dbebf6bc589c31749e67713e9bb3c
SHA512 8053232364d54966f4b8acdf9af61a1366bae09789d6a76b8e723d7c3f96287460248eda12083795766809569527f4821f7e87ca4a644ae900c3df33002c9977

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\18J4QIHC\MeControl_v6QmZT1KIHvYorogrcRgqA2[1].js

MD5 bfa426653d4a207bd8a2ba20adc460a8
SHA1 1c3777307ca89baffe14769945eb2215c0c2700e
SHA256 f07fdce076d91c554de135674b5ea92a3b72348d33c72d43f93e7ff9a5bfa490
SHA512 56643373ee5af3f6f1ec20da41998b99a5d311aa9b550492683e2ea2a07146939e3abec9c10b525f5a312bbe2b6152d6c8ec3b9e2174c79c316cf21db764c8ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF02D5BF1AF0A61ACF.TMP

MD5 3cb73187f095a480743da38333f0e29f
SHA1 14f7228c55a3125664cef1acbdabad0a68bc3970
SHA256 efbb438d7aea9fffef9aa6178b704286411cf69870d47485bf289b9bff0bcaae
SHA512 2ba160bd0120ce5704142f0cead33aed12f0a9ed2973085a05a0b91099bf9acadd24d7efb610c51cf34afaa9f227fa3845c340cacc13cfe819bdc8ef23eeba31

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JODXNRY6\favicon[1].ico

MD5 84cc977d0eb148166481b01d8418e375
SHA1 00e2461bcd67d7ba511db230415000aefbd30d2d
SHA256 bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c
SHA512 f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

MD5 76c79d0c7ebf3a81345f7c8cfd1645b5
SHA1 b6ba6f75a89adbb4fe95401be5472e669bfa60db
SHA256 35a24ad8516ad334cda7cbc953938b3a2eee81a5d1e9e1aa4d48daec0cdfea16
SHA512 5b292dddd00faa1130003deae8557b539b3387ef14b81dfcb1d4ff6b5482a39419f165a63b25de0a30749624b93f840cefc470f616e3ba2d9fc737877f6ed7e7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

MD5 beecd1bf71ce15ab9fa4238801864453
SHA1 c0693a0c94d482791497fe7bfbace21368e16175
SHA256 9c0c90a188bd7e719c6c75038c335f705f935497134f3fb9a75251bbb78c18c8
SHA512 c51ef19352c4517cf1dd2bfa601dd5426a2ca89d956c536a6f651644afc599b4a826b4bbaacaa7bbdedef2d0abe8586671fe47f7dff46f1f0a9e1665ff1ee63a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 ce1b29b23248c9dd497a5d0ad49497ec
SHA1 8e01fde217c598b905bbcd1446055c2d1d4242cc
SHA256 4e12b5b35c989de56293059fe72f8d049b9cfb59efa6de6cfc5b9fed2d99289c
SHA512 abea3cb32c4070898ffab0cb412f0cff58ac6ef189d575fc406680f5bd8700f0e577bfbddf28deb22c88f3158ac7a025c1edbed36ec99f630337101df9162eb9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

MD5 bd01ac722c82ee062e1393b9c8b0c0f2
SHA1 9f4d2b0ed5bd1fef9b8dcdae06b5d8cbcfb6571d
SHA256 be49b971cf6c580322a8079ff677b2385c75a9fa3c68dcb6fe41084b2e769a99
SHA512 3142f019423c5e68a8f5ae90c45a86d0d44f36526332e820ebac2452b660e7e39dfc5b5eae5098ba03dab351df894682fd46ca0527c4c201aa36de82b445d3d7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{49923839-2FB1-4D4D-98DA-19B7E363DE75}.dat

MD5 6da8637b774513e843e6dbf6602951ad
SHA1 f9470e2fcadba961ac4aaa474a720e62e026710f
SHA256 f87abaa6bd93c81fbe53acca0946ab36fbb567ba052597c13bcac4d0c3eb7358
SHA512 b6dd1ef74af7c10ae8bbd98dab1321521cd6e3b52decbdaade7cdda838b49042a58d1dbc62866902fee58bb91d139c43af486f493e8d4cf62c0886df15e43bd9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{099E7469-D943-4484-B22A-7ABB23916706}.dat

MD5 f145c4db62aee02d73b1de097acd22d2
SHA1 d71e050e32687c6bb4f15e4144867372784512e8
SHA256 7751bbb5d7c4177514e9a2c37974928de95065c75590a0aa4130ac9fc6708a18
SHA512 893f03768094423c6f02b0bccf14fc3b6ea9b5d2e2ac820e9222b910f88af7e6310e896bbdf9b02c2d66c5cff47056027de1a9b6c80e8b0e46cc483530ac6d77

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{8A93F331-1FDE-47F9-81DA-9893C351D70E}.dat

MD5 e892deebbb7c8daf1d3503285ef0dad8
SHA1 5884f56022cec2b18a64fb931bdf98887cd8ffc5
SHA256 4400cfdd781d589be8af29e912da11effca3b36eefbcc109a538f4bf7b753a91
SHA512 0a0c80df9d28479704eff871ac3a9cde4e781e42e51025df845f0dbf158dbc45fb6b68d863af4e4632247b929673cafa2c4eb9830c44e79eb996c2ecfb3e418e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{1B4D61C6-526C-4E0B-9373-C1EFCD4E24AC}.dat

MD5 5320935c90f74ced113a2aa727ea86ae
SHA1 e16223d253c4dd42443b850586395c74e95933d0
SHA256 a40e91b18f75e56a7547fb8f3d2bdf2db2afbd9fc23567b7bca5e685e00a5893
SHA512 0ecef51b58152d4a881b2da0e335cdb9cdb8bdb51d1866742f9acff8440e2be8cc15ff74e6ef06032b4d9e3ba8ae59b5f586d68ac764237d5a798177bd67c961

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{9D0188A9-89FB-4AD1-B14B-527785ACA21F}.dat

MD5 da381bf7c67ad23f459d3b66b3f3f002
SHA1 887f841c598a5a0ec86046195351270d65c059a6
SHA256 f3a482d521f034d230ea4f42d3da9770ab140c98fcabf649352a33e996b7074c
SHA512 38e6c5ca8c62951ca2ceda60f99016ed175810fd088bc387bf5691f8e2d17ff5674451c32d3621295f91b738d9917663f35f713b002e39162333a79bc4acf08b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{2BB5529A-C43B-41C2-8942-9127DC9C62C3}.dat

MD5 99c50e4d7526c5e4e23ca0434a3cc1ff
SHA1 64a535535ffc2b4328d2d9c47224a765053a1731
SHA256 4a46a8d6e1a7b2bd0cf1543492e476224107fead628c78b4f117864efdfcb0ef
SHA512 c873e3b4fb7bdc34e1df3df75dc45d5de3a17e3c3c265b6e4a3be0848fb2201707eebf35259bb960e80655b294c63a4455e5647f06928e4a393336e30e90699b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\3lcf90e\imagestore.dat

MD5 1244bfbcc0b2076f0dd0d00eb5ea7bb2
SHA1 5000efe46cf42b4fb5700fdd3bcf1ef1fae83080
SHA256 db1759f1aaedb0dc132e5c9cf7d06fa1150b39ada5ec4d185bbe5154bb3cede4
SHA512 f73724f3ea9d449be6d24d2b04a2bd79cec61150f07fcc235b6ee5509596e5d8e73f65ea44fc72cc1772cdc336c18a7bf631a32acc47d52067a5083569c5ab35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 b8bbc463c1cce84a304e9fdbc64d819a
SHA1 bf92d1d96c04e7a06787b314c9ab947e473c049d
SHA256 a264172c1f386ad788d6723365584799cd5775f339d06599dcc52e971e0cb3ce
SHA512 9a6ecd73a1922bb6ea1cb1982df940d04d7dfd51b988d28c540e1a8629b37b748907cdc047a656fcda78f93519e1380695196a0271bcc0d1b2e63724dc3c87db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 007d71d0775cde7636ae7932473163c6
SHA1 410f3510aaddcb1342e9f3d927371aecb7d86bd7
SHA256 a232dd3ac0d02966d8782b3ae7c412dd82b4bdaae9524c2647b2f1003a6370b3
SHA512 af7d3addcf96da57d92f557efa364ccb3b0651200f45669d64f047fc7f05a0aa014dc34d67a023868b1e173d198ad0a59404c4613c04cb5edd89413e1fac7290

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AGT29K55\js[1].js

MD5 e1071235219132ed39558b4b6ebdf269
SHA1 2d60688ad86c9439ea54527518b6a9c3f30c6e77
SHA256 257a9f419ad9955e5d2b79191dd9d06491041e16a500259e38d05ff301149f10
SHA512 acd0b3294c441f5b3d0a71caee993af3b7026d3092187b2e59a00033a798dc70f3f3a8045e868089844a47d4815dd12bcbf8ca19a12eb6645269beeec23247ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\H4BZ5K4X\PCOP[1].ico

MD5 6303f12d8874cff180eecf8f113f75e9
SHA1 f68c3b96b039a05a77657a76f4330482877dc047
SHA256 cd2756b9a2e47b55a7e8e6b6ab2ca63392ed8b6ff400b8d2c99d061b9a4a615e
SHA512 6c0c234b9249ed2d755faf2d568c88e6f3db3665df59f4817684b78aaa03edaf1adc72a589d7168e0d706ddf4db2d6e69c6b25a317648bdedf5b1b4ab2ab92c5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 c8516a74e879ccc135d6607c07de9c3f
SHA1 34565a9a50cb7cf9ad973131c2eecc3cf7ebd487
SHA256 b689a915a75f5af1e69c557c565b595fedeec09fb3bd96f41633e39e04ecd73b
SHA512 379e624f55eda7ef1df73bcfa4f0c61974b0b59662c8e2440aa2e0e72b149689928be14182ed2a57bdcbac596639da708464036f21de074bb77c3fa2dcf04543

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 f476d3b7b941b215fc57645e5ceb93dc
SHA1 d5b5328f01c274b64ed7081273cacea39adc95d4
SHA256 5bbc6a441903100177735157d750d0ccd9f7162c7b6bc2c49a7e332b742896d9
SHA512 59d359d47b50c79d259f5c077e486cb9bf129776596b448fe21cc182134eef20ae8dbfc46aa4a55a8d650fa51a8dd0acdce4ba491375d3ac15824908749b71a8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 b4b4201fe05ed105782af69160691843
SHA1 94ed60e21b2bbcc11c74a82e5a4f0b8dbacdf4a1
SHA256 2be4864f963739dd6b336572aca9639d50eaefe0ad1cd6f9366324ee003ab526
SHA512 9d9120a9c78a1e945b30b753f807f541fbd3fad2005bbff47ab507bde47a5268d6b68c89dd63fa61bd2722cc3d5ee38cdadcd2d2d8ce26e916fa50cc4bad4b16

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

MD5 38695bc5913878e88fb9c2516b4903ca
SHA1 fde98669109fac2f4809e69df42909ecee3c8efb
SHA256 76f7cc2b83ed76cfd2e924ab3efd303d8ed0ebf53b667ec99a0130151d8beaee
SHA512 2cf558030a71f8062680f634d90a4bd8dd24c208fd31ae4c32e1c1ed7715e96f18b28fdd6f4369e814eb3d46fdea60199c93c5e9fde6a1b585df1a3fb7e3af73

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

MD5 cf55cb9e7c1c4d8b973ad1ebadf8c241
SHA1 da1be5fb7cf6f36c0897426efb0b411bf5d0138c
SHA256 673e220173199a5623f8b44086010256a1a32c4c1dbdf0d0efa9bac3eca81f80
SHA512 e2f69dfb2345c8fcedb069e85a6c610f114d6f12756fb1d30a111cf60aea10b6c101c6426e2b58325820e5f55580c347fd9da98afb4e839c9cce0fc44d37c482

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 f3d528bc857ea4223d857d1c18cb9b6c
SHA1 1f14bf0a6504c3df691cb86e1c2937c14d139be4
SHA256 70d2e1b92678ae6cb0832a28ddeb04b2af40c3ff28e61d4050f92ab26a6835bb
SHA512 e4ee9fa39a9880c9a81baa414dfe2ae92063cd0603deb4d6aa58718029a94866fa4b1220282867a0ee469b92c0e4b57100b570c0f054998938d7d853d6e15bc5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

MD5 0523bab43d9466af2fe9c8c6a6766d46
SHA1 5b3ad67789e4d5015e51e99de3842759a790fb46
SHA256 8777ef29433477eace85409191673a2d5585a3b6a9d77e7c307c44521eff3047
SHA512 6a194aa71bf691ec76b9793ea2d23be7bd6b8841edbfa8dfab8ca74ea5ff140328be3fd250dbd6c8973e02d9175c6954f793ab941f24f38af05e3a4965da1b09

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{E7B753F2-BEF0-4F25-9A10-E64BB336C255}.dat

MD5 dd51305e36bac51420506abd2d293f69
SHA1 ac546dd38575070b2a0119c1e1dd0c91c2cb7af2
SHA256 34e51553e58cd915b4e01acd2b7f66a1b4dbd803e497ac99ccda1a7eb9aad7ff
SHA512 08a38382efe40fa2b5df51874d755626ca9f6ae77681cd3f46515da29fd76daaf6b43f3fbb1bc4ad9adf3d36a8d6a82062450fb0e814a95c104d30bce15b20b8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{EE3CFD07-D4FF-4D50-AE34-332D7DF02CE0}.dat

MD5 61cda172bc1fda88075d379887bd7b3a
SHA1 097567d470361404ba65ba50448f9214a4d559eb
SHA256 fa20b328826fc3b07d6b2c5cf08dcfc4e18fe99c2f644e290d44a2ff68b787d0
SHA512 22d602f928698ef6ca943738bbfe336b6bda39ef9a69c0673da1ffee61f7f6e3c5a9b6226cd128ecdbdcfb869dbb2b78284df601885acf513197ac7ae0c4293b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\3lcf90e\imagestore.dat

MD5 af70861e97d1ca7386e5d5d6743491b4
SHA1 80506cbfb70a21a1c8d827130550691348494b33
SHA256 1079eca91d68f524c16b21705d1c025dab4eee0bab2e648bbb5d7905ce6706b5
SHA512 eecbf912364e2cd21d4e5d096ca4ca96890f3024b493c8a7a4998ad37e06edee72e4eaa88b04cd30905b5bd37a12896bdaf02e13639cfe57dc78d52f16e1845a

C:\Windows\INF\netsstpa.PNF

MD5 01e21456e8000bab92907eec3b3aeea9
SHA1 39b34fe438352f7b095e24c89968fca48b8ce11c
SHA256 35ad0403fdef3fce3ef5cd311c72fef2a95a317297a53c02735cda4bd6e0c74f
SHA512 9d5153450e8fe3f51f20472bae4a2ab2fed43fad61a89b04a70325559f6ffed935dd72212671cc6cfc0288458d359bc71567f0d9af8e5770d696adc5bdadd7ec

C:\Windows\INF\netrasa.PNF

MD5 80648b43d233468718d717d10187b68d
SHA1 a1736e8f0e408ce705722ce097d1adb24ebffc45
SHA256 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380
SHA512 eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

MD5 d3f745047e48dd1706a607210d458ad6
SHA1 f69cdc299ad8c67043739865a8c3e26964a26c6b
SHA256 aabb88f8805b94ea8199ce8a5e722acdcb38d24f4a82d064a311f54ce9f34b45
SHA512 8b547cfe7d8103def2e80c9023d3e09e19c1b1b61e9a807e06091ec5317f51f8bdf56f5385fa3a27dfb2f9108e11e390f0ac478c544a84790657b6a440b34b48

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

MD5 49c490971cbcfaf5a1bbe85c15066631
SHA1 f49478d8653d1ff56bc618659b0fe47411f15102
SHA256 9cc6b9889f37dc9f1a9ad22d9d55081bb2d9fd068ceddd2673057b59193422e7
SHA512 984c126d1846b31f4475f19697a78f25657942f894d707b588c8c18a92a005cc389e3ae0e070ae1f6186c375c8e7123e73df642c64fb2fc5ef7cea6346ed681f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 719f454da0c9224afccd583ab93b16ab
SHA1 b803f2647899d9f8ff5c58ec2daf65fa8880affd
SHA256 74c4f4b9a81d46987fe9671682d4988855e50301f47463fd818b83dbfaa690fd
SHA512 2692b881e418e16dbee29fbfc4fab93d62734431b060cd4143451100f485fc48defceb874e20caa012dfe5129dd5768102c80b98351fd7f8caa2cd987c2a5064

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

MD5 7d91d20f531438a7532820a10e3a6be5
SHA1 cbeb808a38d0a3e2854f16b514649fad16f2ee2f
SHA256 0c23d58d4cf74581bc7b4a6eb42916a711c18a23a322d4cb51c7a1d87f0c33c3
SHA512 07750a9ed24b3fbdaa0975a684b3d16276599aaabe62f46088f0f1292c01859b8435ec8b160c21eba65deffb4e1f25d37565f01ca2a6d637e1a3b546440d7ab8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{1EBC532C-FE3B-4329-952A-FA3AB59DDBAC}.dat

MD5 449ba2f08a30fc9dea5b9f69704871d4
SHA1 deae9d3eae0c0845396a356addcbdc97eec3ced4
SHA256 ad6f852673c5abda9816f850f9ee1669225dbcb0c66912b4648da9dfa0d417ff
SHA512 8ac9fb74a299dd65482b615d74257f416da0bca400265252c1534e1ae44b84aecbc78b0cbbf0962e23a4a1aecd8208cbff5302ddc52157b8e8245f2f7ca48e63

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{976432A9-04AA-4B71-80DE-D408A4CF0970}.dat

MD5 0af159212bc4e1c571b2597df9b33153
SHA1 def10106c5a0170a945177b47069ede63b1f2cae
SHA256 8226059ab2182073fdeeba6650e458f736230cc1e2037fedc10bdd67331c5ef0
SHA512 a057ffe8d63378407b927bc06ddd519bd7818d2991682b9e687571fa7daee162b56476a8395c1af967ab39fcadca462c515d368551f0b7c1085304490a43585d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 a9bbe67bc23d2da5891604b0bd687237
SHA1 449e12c49fed488553cf5b8b7dafea83e6e2b1d9
SHA256 a5ad8e6026a87d347b220b0e9ed8afabc0201262f56db70442b31fbe682de065
SHA512 ad00328362c95d30f06b373dbbe020c5e55bc86ff39da6743614d44e3941fcc0011be303840f2e1da212120dfd882463d6ae3319b28deafa57cad27a7b5ad835

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 55d13419ef7e00979888e1f36e85667c
SHA1 9213fd7f1bfe3399f11d8ce56516c9ecfaef50c3
SHA256 99a431ec4372e147cbb89b186806b63791ccac196e7c21362affa2da3dea5883
SHA512 4cfbbde7606ea5d8c56ab0a540ef2c4c84d3feabf5b694d41838f00cde9fddac90cac1a2d095f53ca597288a48adbf080f1196fe4c179e5b86be7b6ba4968da5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e66f00e331c8d91185551e8d4991b197
SHA1 6619025746726c5b2dde1fc1920aca3af26dacfe
SHA256 b2ae249ef5a5248f5f3abbd3fdf950d8739ffba2ae50ac0518d46d1db6af3971
SHA512 272082afb5856dd616e9b7761f2edd5bf2946dfebb27e184be7e5903108753401e48059123298e2b90c4a83179d3ec7a3ee7896d70b3318b761653cf74095f2c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322

MD5 837922a3aef2726e8274fd56034fa4a3
SHA1 d8da55042c6766da2a83374d8f1bcfad9a4b7288
SHA256 86dcf75b1bc623705bcb2cbcf5e24d5a67d993660c4153becd0478008ae46f7a
SHA512 944668386a36856b556804ed7c83cfc930c5c26a180bcb47b8944247ab4190ead7bbf5dadfd0ff8a4cd7a5443ee5f04f0d7c232e1eebf77cfd43765bc113034d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322

MD5 f6516171928772353e96e616066ed148
SHA1 e9f48270bb19007202ae540888c6d84285b623c6
SHA256 e7de2b00f53f92ab7b59d657dee8d490c49c4ea28f936d796776a1c80ea274f0
SHA512 3eb023088da9fb53326990313b7a8c483628156aa632a1e6ab30824edc0ee475f8db04c8be45d428a35ed66e5f878a8164ea95bc9cedb04c463350391230fa16

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\U0U3T4VY\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

MD5 c79e9949b316c4a4488bcd1c34350b83
SHA1 3931715d0346ea20715714526c41a30d659d97f1
SHA256 9ba90b6e71288aa82de201e83cd5ca46713d9540a7df8cc79a1f5054d8ad1293
SHA512 4fd4b882e06a7795fb26d47efbc0ddfa9f1d2dc17d263c51630b00581260c482ccbfe10d30886f6eebb1afba61cdf696cf0827bd06c14536d2a02dc379e21867

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\65ES3H0J\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\U0U3T4VY\b80692[1].ico

MD5 ac0cd867e03ed914827807d4715bdfe7
SHA1 4051a8c23756c10d9cc00fcde6f7215c780fdf6f
SHA256 b50546da121186fbffd2aec430249cb21c7c2e2c85e561a393a9df9abfc4477c
SHA512 fa11d1d76c39719c218b4ffa34de8dd44d398bdcbb236a666f0be6eeee96bcbe4da9ac65a89441ad284c0de21788c135dc4fd21f6f82c7039f00c8a7c705c8e2