Analysis Overview
Threat Level: Likely malicious
The file https://cursed-beta.blogspot.com/2022/11/cursed.html was found to be: Likely malicious.
Malicious Activity Summary
Sets file execution options in registry
Modifies Installed Components in the registry
Registers COM server for autorun
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Drops desktop.ini file(s)
Adds Run key to start application
Checks whether UAC is enabled
Checks installed software on the system
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Runs .reg file with regedit
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Runs regedit.exe
Enumerates system info in registry
Modifies registry class
Gathers network information
Checks processor information in registry
Checks SCSI registry key(s)
Modifies Control Panel
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 12:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 12:32
Reported
2024-06-12 13:03
Platform
win11-20240508-en
Max time kernel
1799s
Max time network
1799s
Command Line
Signatures
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Stubpath = "%SystemRoot%\\system32\\unregmp2.exe /ShowWMP" | C:\Windows\system32\unregmp2.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{A6EADE66-0000-0000-484E-7E8A45000000} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} | C:\Windows\system32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\DontAsk = "2" | C:\Windows\system32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,22000,282" | C:\Windows\system32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\IsInstalled = "0" | C:\Windows\system32\unregmp2.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrServicesUpdater.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zC8BEE0E8\Uninst.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSIDF1D.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A7754649-0E57-4837-B74F-1EB2C9C103A2}\InProcServer32 | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\7zC8BEE0E8\Uninst.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{63880b41-04fc-4f9b-92c4-4455c255eb8c} = "\"C:\\ProgramData\\Package Cache\\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\\windowsdesktop-runtime-8.0.2-win-x64.exe\" /burn.runonce" | C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\system32\unregmp2.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\SRU\SRUDB.dat | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{b9aa757c-9a6a-4692-ab7c-3dbd091cccd2}\snapshot.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRU.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{b9aa757c-9a6a-4692-ab7c-3dbd091cccd2}\snapshot.etl | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\SysWOW64\Elevation.tmp | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRU.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRUDB.jfm | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\NDF\{3A7A9DB7-EB59-4E7C-9C3E-971BCBB4B48E}-temp-06122024-1235.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\NDF\{3A7A9DB7-EB59-4E7C-9C3E-971BCBB4B48E}-temp-06122024-1235.etl | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-3001105534-2705918504-2956618779-1000_StartupInfo3.xml | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3001105534-2705918504-2956618779-1000_UserData.bin | C:\Windows\System32\svchost.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ja-jp\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected] | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-si\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\PlayStore_icon.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\hu-hu\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\hyph_en_CA.dic | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_super.gif | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pt-br\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\fr-fr\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\core_icons_fw.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_filter_18.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-il\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-Regular.otf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_editpdf_18.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\AccessibleHandler.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ca-es\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sl-si\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\nsn35E9.tmp\AccessibleMarshal.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\Products.txt | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\dd_arrow_small2x.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\logo_retina.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\uk-ua\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\cs-cz\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\uninstall.log | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sv-se\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviewers.gif | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\dd_arrow_small2x.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-hover.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_up_hover_18.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\cs-cz\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hu-hu\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\hscroll-thumb.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\plugin.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-fr\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_shared_single_filetype.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\dot_2x.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-fr_fr_2x.gif | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\s_listview_18.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_all.gif | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\cs-cz\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-fr\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\be_get.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-ma\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-cn\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\InAppSign.aapp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\de-de\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\new_icons_retina.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\export.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ccme_base_non_fips.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CP1253.TXT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ICELAND.TXT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AiodLite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Onix32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\tesselate.x3d | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\XFDFFile_8.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Updater.api_NON_OPT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID90D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\BIBUtils.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\cryptocme.sig | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\info.plist | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\sqlite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\TURKISH.TXT | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF8F124A977C42F425.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\collectsignatures.aapp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4A516922B435D660.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3094.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF13266572FAC87811.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\displaylanguagenames.en_gb_e | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Flash.mpp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\PDDom.api_NON_OPT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID615.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Accessibility.api_NON_OPT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\JP2KLib.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDD15.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\adobepdf.xdc | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_d.x3d | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AdobeCollabSync.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\icucnv40.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\QRCode.pmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\viewer.aapp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFDB6641D3C8609A8A.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AXE8SharedExpat.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3E1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI331A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDF2F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Acrofx32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroPDF.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AXSLE.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\DisplayLanguageNames.en_US.t | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\weblink.api | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\logtransport2.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\reader_sl.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE629.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\displaylanguagenames.en_us_p | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_difr.x3d | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Annots.api | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\EPDF_Full.aapp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDFBC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CoolType.dll_NON_OPT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\adobearm.exe.BDCA7721_F290_4124_BBED_7A15FE7694EB | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4EB8CB5729C1F86A.TMP | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000ea03c27790712bf60000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000ea03c2770000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900ea03c277000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dea03c277000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000ea03c27700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Control Panel\Colors | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7278BD0-7970-47D6-8954-99B2343EED88} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B723F941-52A2-4392-B500-60F3889659B4} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BD57A9B2-4E7D-4892-9107-9F4106472DA4} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC06A6F-4C88-4707-8DEC-61017CB50E1E} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B} | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626692159669163" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial\Default | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19 | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\Version | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.XDPDoc\shell\Open | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B4CD3ED-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.XFDFDoc\shell\Print | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.FDFDoc\shell\Read | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\18237B7CA0BADAD40AF9C5034D6097CA\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{A45AEC2B-549E-405F-AF3E-C6B03C4FDFBF} | C:\Windows\system32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command | C:\Windows\system32\unregmp2.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B744CAF070E41400 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{17F2E344-8227-4AA7-A25A-E89424566BBA} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\Printable | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\acrobat\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A13FDD-9BCF-4229-9CAB-0079A5E17A25}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\FIREFOXPDF-308046B0AF4A39CB\SHELL\OPEN\DDEEXEC | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B744CAF070E41400\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A894040-247E-4AFF-BB08-3489E9905235} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.webp\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.XDPDoc\shell\Print | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B4CD3F0-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EE5A151A-AD2A-4CEE-AD65-228B59F5B4AD}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.Document.DC\Shellex\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroPDF.PDF.1 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AFormAut.App\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroAccess.AcrobatAccess | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\Verb\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\DefaultExtension | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74A13FDD-9BCF-4229-9CAB-0079A5E17A25}\Implemented Categories | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_64.8.8795_x64\Dependents | C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9DF1F64D8EF250D42BCA10C1326BB942\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B744CAF070E41400\Patches | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroPDF.PDF\CurVer | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0F6D3808-7974-4B1A-94C2-3200767EACE8}\1.0\HELPDIR | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.secstore\AcroExch.SecStore | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroAccess.AcrobatAccess\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24DA047B-40C0-4018-841B-6B7409F730FC}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\command | C:\Windows\system32\unregmp2.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{671B6145-4169-4ADD-9AF3-E6990EB2B325}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205CA31A0E45600 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_64.8.8806_x64\Dependents | C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_64.8.8795_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceh | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\ = "&Add to Windows Media Player list" | C:\Windows\system32\unregmp2.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.XFDFDoc\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\DataFormats\GetSet | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\ = "&Play with Windows Media Player" | C:\Windows\system32\unregmp2.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00FFD6C4-1A94-44BC-AD3E-8AC18552E3E6}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7EA23D88-569E-4EFD-9851-A1528A7745F9}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B4CD3EA-4981-101B-9CA8-9240CE2738AE}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.Document.DC\Insertable | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.pdfxml.1\shell | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00FFD6C4-1A94-44BC-AD3E-8AC18552E3E6}\{B4848E37-7C66-40A6-9F66-D3A9BC8F4636}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\DocObject | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wwahost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cursed-beta.blogspot.com/2022/11/cursed.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8eafab58,0x7fff8eafab68,0x7fff8eafab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4620 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4412 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4616 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2316 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2312 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:8
C:\Windows\system32\msdt.exe
-modal "524644" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF6ED2.tmp" -ep "NetworkDiagnosticsWeb"
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2296 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1416 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
C:\Windows\system32\ipconfig.exe
"C:\Windows\system32\ipconfig.exe" /all
C:\Windows\system32\ROUTE.EXE
"C:\Windows\system32\ROUTE.EXE" print
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
C:\Windows\System32\BitLockerWizardElev.exe
"C:\Windows\System32\BitLockerWizardElev.exe" F:\ T
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BDESVC
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:2
C:\Windows\System32\BdeUISrv.exe
C:\Windows\System32\BdeUISrv.exe -Embedding
C:\Windows\System32\FveNotify.exe
"C:\Windows\System32\FveNotify.exe" \\?\Volume{77c203ea-0000-0000-0000-f0ff3a000000}\
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1564 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\SysWOW64\unregmp2.exe
C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /Play "C:\Program Files\EnableUnlock.wm"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Windows\system32\msiexec.exe
"C:\Windows\system32\msiexec.exe" /qb /x {AC76BA86-7AD7-1033-7B44-AC0F074E4100}
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\7-Zip\Uninstall.exe
"C:\Program Files\7-Zip\Uninstall.exe"
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Users\Admin\AppData\Local\Temp\7zC8BEE0E8\Uninst.exe
C:\Users\Admin\AppData\Local\Temp\7zC8BEE0E8\Uninst.exe /N /D="C:\Program Files\7-Zip\"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DC04E76BAF5E0711E8324B0857FA9074
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding ADE9A4BB686535F1AB991B40BA649581 E Global\MSI0000
C:\Windows\Installer\MSIDF1D.tmp
"C:\Windows\Installer\MSIDF1D.tmp" /b 3 120 0
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" ClearToasts
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
"C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" /uninstall
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
"C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" -burn.filehandle.attached=596 -burn.filehandle.self=612 /uninstall
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
"C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" -q -burn.elevated BurnPipe.{F199E911-F6F4-42DB-8971-B571E62BAC80} {4AF7875B-8FCA-44D5-A09C-EEC989865B05} 1216
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 65436F2A66055AEF69BE018E58CB1C20
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe
"C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe"
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\Mozilla Firefox\uninstall\
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D53E1C70794521AD4196B448425A470B
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 79284215CF0A8864D6F34CFB867AB5A7
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F65118F141339A96805BAF857BE41CA3
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask uninstall
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask uninstall
C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\Mozilla Firefox\AccessibleHandler.dll"
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" uninstall 308046B0AF4A39CB
C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" /S
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe" /S _?=C:\Program Files (x86)\Mozilla Maintenance Service\
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" uninstall
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x0000000000000454
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4200 --field-trial-handle=1708,i,11724297164814222019,8336401480066278833,131072 /prefetch:1
C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Desktop\TraceRead.reg"
C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8eafab58,0x7fff8eafab68,0x7fff8eafab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1864,i,13246938835727196536,13844836281449454577,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,13246938835727196536,13844836281449454577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1864,i,13246938835727196536,13844836281449454577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1864,i,13246938835727196536,13844836281449454577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1864,i,13246938835727196536,13844836281449454577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4212 --field-trial-handle=1864,i,13246938835727196536,13844836281449454577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1864,i,13246938835727196536,13844836281449454577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1864,i,13246938835727196536,13844836281449454577,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x0000000000000454
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3884 --field-trial-handle=1864,i,13246938835727196536,13844836281449454577,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cursed-beta.blogspot.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | cursed-beta.blogspot.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| GB | 2.16.34.98:443 | tcp | |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| US | 8.8.8.8:53 | cursed-beta.blogspot.com | udp |
| US | 8.8.8.8:53 | account.live.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | account.live.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| GB | 2.16.34.104:443 | tcp | |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| GB | 2.16.34.104:443 | tcp | |
| GB | 2.16.34.104:443 | tcp | |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.16.34.104:443 | tcp | |
| GB | 2.16.34.73:443 | tcp | |
| GB | 2.16.34.73:443 | tcp | |
| GB | 2.16.34.73:443 | tcp | |
| GB | 2.16.34.73:443 | tcp | |
| GB | 2.16.34.73:443 | tcp | |
| GB | 2.16.34.73:443 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 2.16.34.89:443 | tcp | |
| GB | 2.16.34.89:443 | tcp | |
| GB | 2.16.34.89:443 | tcp | |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| N/A | 127.0.0.1:51546 | tcp | |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 127.0.0.1:86 | tcp | |
| US | 8.8.8.8:53 | inputsuggestions.msdxcdn.microsoft.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | inputsuggestions.msdxcdn.microsoft.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | inputsuggestions.msdxcdn.microsoft.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 2.16.34.80:443 | tcp | |
| GB | 2.16.34.80:443 | tcp | |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| GB | 2.16.34.80:443 | tcp | |
| GB | 2.16.34.80:443 | tcp | |
| GB | 2.16.34.80:443 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
Files
\??\pipe\crashpad_1844_WJYKJMQSLZQEMOWM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5c62266f-53aa-4c91-8b6c-0129f2085a3a.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bbb34711a7711573bc0df5e923bb7ddf |
| SHA1 | 55988564d1a3e51c9a3a2e6739fbc1bcc6f0feb9 |
| SHA256 | 9edd67388f3c012200e23d369cb8ae19385f384efad8a1440576544c7dd204ab |
| SHA512 | eb922c2291ad1bad0539d40e8ac360c681acac7e21e9f63e6b2b56c0f31eae8e7bc5ae0eaa564d4a75e34df0fa3b9afb108d91343c9594c517ffc18f97e4327c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 833b11ac07842d756f696b118dc7c488 |
| SHA1 | 25b37dc1f54b87e9e409d3e0b0ce2b72719a315f |
| SHA256 | 1377b88f3106c7c54fc32dd06f7519e85dd6fc31d8658ad393873ac9652b5c25 |
| SHA512 | 987c3a037caec392ba3c40ac77ff16112568e37cce665ab94f1a9db0a955b8f5af0a665e3e197c50e376c8888f813e606919da3d70d074b91eadf527276ea93f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-6-12.1233.1696.1.aodl
| MD5 | 0f3868a2d114d92139087c835837380b |
| SHA1 | ddfb79d6ac40d350fe0034c665ce54617342bdd2 |
| SHA256 | 8fa6cabb4ad6ad4586f690cec58b3b500ffdb5150f34af878cbe54d441a053e5 |
| SHA512 | a3c87a88985682ef1e7fe43e2859c77c4bec07b71deaabe75bc5111a1bd803e04a1129c4d7b0c70eaab9cb5fd0573adca6d7d192cf6562c3a9660472433b639c |
memory/1972-263-0x0000029997300000-0x0000029997320000-memory.dmp
memory/1972-407-0x0000029999280000-0x00000299992A0000-memory.dmp
memory/1972-538-0x00000299A9B10000-0x00000299A9B30000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NDF6ED2.tmp
| MD5 | e310e5578a38aa0803fe501af84e061d |
| SHA1 | ec4e52893b7da842778df8d6658b356de731249b |
| SHA256 | 904b48d7f7c6f079ddf5453bfe05bd98118a7e69d0bba17a75f2209a7a5389bd |
| SHA512 | 36465ac3ee139947b6623b0efc85cbf66dc8640dbb41abb613057b7d4b48e816bb67cc4893bd994f4f81d2978397f0a8361b2300eb5fb38cb0dcf01a546bceb2 |
C:\Windows\Temp\SDIAG_750d8af6-a175-4de0-a78a-0a4723a6732b\DiagPackage.dll
| MD5 | ec287e627bf07521b8b443e5d7836c92 |
| SHA1 | 02595dde2bd98326d8608ee3ddabc481ddc39c3d |
| SHA256 | 35fa9f66ed386ee70cb28ec6e03a3b4848e3ae11c8375ba3b17b26d35bd5f694 |
| SHA512 | 8465ae3ca6a4355888eecedda59d83806faf2682431f571185c31fb8a745f2ef4b26479f07aaf2693cd83f2d0526a1897a11c90a1f484a72f1e5965b72de9903 |
C:\Windows\Temp\SDIAG_750d8af6-a175-4de0-a78a-0a4723a6732b\en-US\DiagPackage.dll.mui
| MD5 | 44b3399345bc836153df1024fa0a81e1 |
| SHA1 | ce979bfdc914c284a9a15c4d0f9f18db4d984cdd |
| SHA256 | 502abf2efedb7f76147a95dc0755723a070cdc3b2381f1860313fd5f01c4fb4d |
| SHA512 | a49ba1a579eedca2356f8a4df94b1c273e483ceace93c617cddee77f66e90682836c77cea58047320b2c2f1d0e23ee7efa3d8af71e8ee864faef7e68f233bec4 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_basj1fuc.vaj.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2404-946-0x00000277A6970000-0x00000277A6992000-memory.dmp
C:\Windows\TEMP\SDIAG_750d8af6-a175-4de0-a78a-0a4723a6732b\NetworkDiagnosticsTroubleshoot.ps1
| MD5 | d0cfc204ca3968b891f7ce0dccfb2eda |
| SHA1 | 56dad1716554d8dc573d0ea391f808e7857b2206 |
| SHA256 | e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a |
| SHA512 | 4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c |
C:\Windows\TEMP\SDIAG_750d8af6-a175-4de0-a78a-0a4723a6732b\UtilityFunctions.ps1
| MD5 | c912faa190464ce7dec867464c35a8dc |
| SHA1 | d1c6482dad37720db6bdc594c4757914d1b1dd70 |
| SHA256 | 3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201 |
| SHA512 | 5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a |
C:\Windows\TEMP\SDIAG_750d8af6-a175-4de0-a78a-0a4723a6732b\UtilitySetConstants.ps1
| MD5 | 0c75ae5e75c3e181d13768909c8240ba |
| SHA1 | 288403fc4bedaacebccf4f74d3073f082ef70eb9 |
| SHA256 | de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f |
| SHA512 | 8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b |
C:\Windows\TEMP\SDIAG_750d8af6-a175-4de0-a78a-0a4723a6732b\en-US\LocalizationData.psd1
| MD5 | 91f545459be2ff513b8d98c7831b8e54 |
| SHA1 | 499e4aa76fc21540796c75ba5a6a47980ff1bc21 |
| SHA256 | 1ccd68e58ead16d22a6385bb6bce0e2377ed573387bdafac3f72b62264d238ff |
| SHA512 | 469571a337120885ee57e0c73a3954d0280fa813e11709ee792285c046f6ddaf9be5583e475e627ea5f34e8e6fb723a4681289312f0e51dc8e9894492407b911 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8dfa71df1dda826718d0b246367bde20 |
| SHA1 | 1dee09ac09adb8bd11157d2c9c4f2d8b63a2d80d |
| SHA256 | 626f5a653be6f5af197c4efc911d9bbcf428366b39ad968257d780d26ab592d2 |
| SHA512 | 0d7da962230d35183c28928d588aa4eabfeafe8e7887ed7e9ecb522c2f9d94fb87dcbbf2dec2b7cb25585667a5a6e7672f96a368e4dfd9956df57f0ddbd57e69 |
C:\Windows\TEMP\SDIAG_750d8af6-a175-4de0-a78a-0a4723a6732b\StartDPSService.ps1
| MD5 | a660422059d953c6d681b53a6977100e |
| SHA1 | 0c95dd05514d062354c0eecc9ae8d437123305bb |
| SHA256 | d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813 |
| SHA512 | 26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 28027309588904aa03d731908026cd3e |
| SHA1 | f68994a45d188beabe36133794ec2496ae5c2289 |
| SHA256 | 5366fa86ecfa301490653bf44c1eee6a14bf20d712ce32fb4c6903d3fae8bd47 |
| SHA512 | 51eefbfc6bfb4e1d5b782f6ed912105fc49d8e5f7d285d50d4e29106481e1b9c131f753a399b2c61fe8460420828257dccb73a3a80404b2b085382613981a622 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5895f2.TMP
| MD5 | 03053a64c39dbdeaa4dcdd956aed669e |
| SHA1 | 88258a49591871639b120e3104a5ac882248d27f |
| SHA256 | e62a1fa821f78306da6ded78d0383330eb8cae11b5dabbf5c9b2f31531d62260 |
| SHA512 | 82d801ef8d1075bd7bd9b2a1135ae7b8f8809ed56d9af5d226a55db2d83c91110952a91ad4b3047eb99ddc56a4ac0a181c2c30a957b4ab1d3017569bb6911398 |
memory/6000-974-0x000001DEA4300000-0x000001DEA4310000-memory.dmp
memory/6000-978-0x000001DEA4340000-0x000001DEA4350000-memory.dmp
memory/6000-982-0x000001DEA8800000-0x000001DEA8801000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\NetTraces\NdfSession-06122024-1235.etl
| MD5 | c08025a5dd4fe26822d0cedc6ed98749 |
| SHA1 | f06c6594b54a90684d9b897a017431a7c5312c84 |
| SHA256 | 44f953725a437d9c9ab2d0d5e8bd4ea774894ff1c6354aafda643299199bd49e |
| SHA512 | eef9ee080d40ee900217f01c05886d012f007a1b1cd8def6179a1734eeb5e90ad0fd6ef35f81521cd6a71b44f2651160c708aaae737e3a00a0f17520c81fc6cd |
C:\Users\Admin\AppData\Local\Temp\tmp1BAC.tmp\NetworkConfiguration.ddf
| MD5 | 00848049d4218c485d9e9d7a54aa3b5f |
| SHA1 | d1d5f388221417985c365e8acaec127b971c40d0 |
| SHA256 | ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e |
| SHA512 | 3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9 |
C:\Users\Admin\AppData\Local\Temp\tmp1BAC.tmp\ipconfig.all.txt
| MD5 | 1e12572064514010f029450ef5240be8 |
| SHA1 | dd405058ab55771265264999bbc0f8d54e87d94b |
| SHA256 | c523f8e7ea478a106e69e8703084799347072301b2fae10332e41dc80c2c790f |
| SHA512 | e7b6e784a28875871f41e2f666aa145c46489181c5cc0e4b735d3572f9b2cd89b8c528212336b88213350c38c22fa784aa2e821b25585bea851a4fef13156e84 |
C:\Users\Admin\AppData\Local\Temp\tmp1BAC.tmp\route.print.txt
| MD5 | 2b5d86d510fd481fa42477109bfedd98 |
| SHA1 | d84ef876e2ad5637d5f00f504a3731faf6313929 |
| SHA256 | 8a530828d6aa6087de9099bd6606d32ad699e43cf057d7513f1debd5933a4379 |
| SHA512 | b2d3dd8d084c089cd174947dff91a2779434ca45911180c328e481ea795ecf3631598ceec322cc9542ffff6290edf0cac62a4fc55c7d16a68924570fc97d0970 |
C:\Users\Admin\AppData\Local\Temp\tmp1BAC.tmp\NetworkConfiguration.cab
| MD5 | 72f86c612dd90c65f17dc697da66d2b7 |
| SHA1 | dec011353408a3ffc2bd585e288ef0ac246e3584 |
| SHA256 | 8b478b8a235be0e8d189faa91651384cf32dfdac4a9131842932fafc770f3407 |
| SHA512 | 78d6c7fa5af4a1cb69dd6ac44058ec3e5aaa1a1d5a18a391c09bda43daf185fd2fb2852e3c0139d65d10cdab82c2d3a31e64bb9acf87b5b60e78db4f0ae0530c |
C:\Users\Admin\AppData\Local\Temp\tmp1BAC.tmp\setup.rpt
| MD5 | 149a39ed290bca8ce9c1c1560cbe44e7 |
| SHA1 | 8f874e2f462f5ce65d4420b3598423dfb6943207 |
| SHA256 | 89b85adc863752b32c43723488b05bf278c7dd17c76c7971882b68be05b8eee1 |
| SHA512 | 8aa862aafb539256c928f94638eea008eb4467be01e5b2388a8c820acfc267f01cc560ae1904799d379c1e09d45b31a7e7ee3419ef43ad2609b2804ae9b69f14 |
C:\Users\Admin\AppData\Local\Temp\tmp1BAC.tmp\setup.inf
| MD5 | 76d86b352b6a975aac784b04bc9465a7 |
| SHA1 | a53d89e9238e624a24abcc69ef6c554bf6d48bf6 |
| SHA256 | c51b0c1739d05166fb8fbcbc297a2322bc096b0ca2c2964b73cfbdd8e470358f |
| SHA512 | 058517e8107c6aa96b6845378a3f1a42a9cf1478ad1a3276a20d04c7a1f0516d72d56b8a8e8fb2f4b321e1a1ff559817e23b6f8770ce8a9365a7774cab064a52 |
C:\Windows\TEMP\SDIAG_750d8af6-a175-4de0-a78a-0a4723a6732b\NetworkDiagnosticsResolve.ps1
| MD5 | d213491a2d74b38a9535d616b9161217 |
| SHA1 | bde94742d1e769638e2de84dfb099f797adcc217 |
| SHA256 | 4662c3c94e0340a243c2a39ca8a88fd9f65c74fb197644a11d4ffcae6b191211 |
| SHA512 | 5fd8b91b27935711495934e5d7ca14f9dd72bc40a38072595879ef334a47f99e0608087ddc62668c6f783938d9f22a3688c5cdef3a9ad6c3575f3cfa5a3b0104 |
C:\Windows\TEMP\SDIAG_750d8af6-a175-4de0-a78a-0a4723a6732b\NetworkDiagnosticsVerify.ps1
| MD5 | 9b222d8ec4b20860f10ebf303035b984 |
| SHA1 | b30eea35c2516afcab2c49ef6531af94efaf7e1a |
| SHA256 | a32e13da40ac4b9e1dac7dd28bc1d25e2f2136b61ff93be943018b20796f15bc |
| SHA512 | 8331337ccb6e3137b01aeec03e6921fd3b9e56c44fa1b17545ae5c7bfcdd39fcd8a90192884b3a82f56659009e24b63ce7f500e8766fd01e8d4e60a52de0fe67 |
C:\vcredist2010_x64.log.html
| MD5 | f274f7c073bbef3ea36db227ebcb5c77 |
| SHA1 | a6e475275757666791f98dd09de983690cf76c56 |
| SHA256 | b8ac8f5ba7872ad42165e91443eb86c501fd75868519cf561d71d56b134a0dd3 |
| SHA512 | 2ba87ae23e4442b4e9613341c3f833c116e3b1712e047d47c6262e69a8411b2c32595d5c6873e6f1762b38095345c108d9dcdcf3ef8308dccc8c58081b788eab |
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
| MD5 | 9af7d190771f1c29b31da4c0774b4ba2 |
| SHA1 | 0e841bce7e4b19909590e5c7d829e3938e2d5a0d |
| SHA256 | 789789a4361369384f37a322cb2547959b65953922ed1a5b77485ee0b23dba38 |
| SHA512 | 1fb01aaee5baba56c5b7b3873f4743c8c9b4de21242c7f99107f3dd6c18f4becd852ddb2024353a1b076d079e6e8be551f261d74732580b2679487fa64a74b0c |
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
| MD5 | 6acb22a5f0ffd1c8467c0fffdebfad83 |
| SHA1 | b1581d43421b1201358ef04f1f7082f5d10cb975 |
| SHA256 | 3d444a5af789c3883616ad428653b734c6999979573fc048bee7a1db8341ec6b |
| SHA512 | 3ee77c94e1a4898d23675063a8d06cbdd0494531b4a932718c52658bacd0eb8e4597c55d0f4f7fee9cc7b87bf8da535965f49c60ef736da70ba5a411e906c301 |
C:\vcredist2010_x86.log.html
| MD5 | bae93cd90c94912cbbfd572a399ab5ff |
| SHA1 | ba2e14c85ea7c40586c2af958f1548ea9d164e23 |
| SHA256 | de9ec5124f9113a811b310a1c2b35d0a89d997a7fbaeba4d3fd1e7c83175e17a |
| SHA512 | d60141ab3366729f517f66ceeeaad8b7481d6e3186c7ef5e96aeecffe788beab80090dbc326d548974a21ed7c1e9ce718780710f75a6026377a6c5e8d610ba7d |
memory/6000-1046-0x000001DEA8920000-0x000001DEA8921000-memory.dmp
memory/6000-1047-0x000001DEA8910000-0x000001DEA8911000-memory.dmp
memory/6000-1049-0x000001DEA8810000-0x000001DEA8811000-memory.dmp
memory/6000-1050-0x000001DEA8800000-0x000001DEA8801000-memory.dmp
memory/6000-1052-0x000001DEA8800000-0x000001DEA8801000-memory.dmp
memory/6000-1055-0x000001DEA8750000-0x000001DEA8751000-memory.dmp
C:\Program Files\ResumeConfirm.vstm
| MD5 | f4b4608d3e705ce0df117fc3b131846c |
| SHA1 | 26818c08b7232bc5337c82ca5c92bf0ff89bff23 |
| SHA256 | cc6971f578a02e6b95301d0db85ce748bac4d780abd4bc76eac56446bb6f552c |
| SHA512 | e2ef2826309d1f7d1432b9cb3e090aed2e5b1341f5139a08a63acee445eb5a4ef0b9a7637b0a581643990c468c5ed8b424529f12708f3e3574dbf6b9dc348a2f |
C:\Program Files\CompareRead.mov
| MD5 | 6b821922f885c3da1e4426a0ab32618e |
| SHA1 | 117a895c04941015edb6c4b93d7803f233bd3933 |
| SHA256 | f6c9473bb3814352617dfd93e77ae9dedac6c25929da8975106b3488ce57507d |
| SHA512 | ae552c49051e01a02482eba352fd39f5489d693306ba1b7042f5c08f2159282cc9378e356ddf3470ac48106cece274521c2661b57a7d69b5588013eae34eeb9f |
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | 10a693fae56a28287a8b97ffa89d88f1 |
| SHA1 | d2a5c49f9fe5b252dfac1eccb8998f91c41ec8ae |
| SHA256 | f25d4fb61e89da771c0bcab3b48c0257f70fcbedb08d68fa07fadf0e599b4d6b |
| SHA512 | 65c9ebed7ba7bc0f3bc41967a051eaf83cd6781f6aeaae4097709f37636b0d5bda14dd81db30d59ea58622e5b6f75de9fea7f6bd04639d2a073a8e57da95556f |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 595257db0ce1af9d1e934abd6328a246 |
| SHA1 | 743c6374e8e4cb2ca59fda55a249574c0a47ba71 |
| SHA256 | 6a9d07ab4761e2bd77a631dd0f1594a2bd791923ac640cfcc51e6fc0979d0fb5 |
| SHA512 | 8d91af1fa924d02b8bf6d5a9519b87ace930f876c7069098bdc2949061b28c13c897cb7eac1264ff43c81e31fe273869bae317b6a251e3d43a53427eeb8f1572 |
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | b4dde5c570bba1a9ee930dc8a0098411 |
| SHA1 | dbfa75d2fd688c87dda160e5bbbb8c755d7d3f74 |
| SHA256 | d18531cde0b854ff989712988d972d6a9ee725424f4d3f8e0aa7f214a8c53d77 |
| SHA512 | 714b05d8dae82d7ca306495a51b8e32de8a709ea6b42c0daad91c6253e517b0bf431e4177908938a25797bb465342d1e9f1435bcce3329aa55f1e11003338bc8 |
memory/3544-1105-0x00000000058D0000-0x00000000058E0000-memory.dmp
memory/3544-1106-0x0000000008340000-0x0000000008350000-memory.dmp
memory/3544-1111-0x0000000008340000-0x0000000008350000-memory.dmp
memory/3544-1110-0x0000000008340000-0x0000000008350000-memory.dmp
memory/3544-1109-0x0000000008340000-0x0000000008350000-memory.dmp
memory/3544-1108-0x0000000008340000-0x0000000008350000-memory.dmp
memory/3544-1107-0x0000000008340000-0x0000000008350000-memory.dmp
memory/3544-1112-0x0000000008340000-0x0000000008350000-memory.dmp
memory/3544-1113-0x0000000008340000-0x0000000008350000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | f0c17e2ea00d1bda72806f7d2bee0bd7 |
| SHA1 | 380ea84fc0158a2cc53e492ebe78d46c05f6dcfd |
| SHA256 | 8fbf75cf2b502c0aa3d1ac8d0042fc5620415d5ec930e452d4a9728b6118e904 |
| SHA512 | 443689f836335e77458c4a090066ece901fc99e5fc217045622ab958d0fe0e4e83308790d947667420ff35f5b5ede4b8ed53d76986eb26773a7c53e7aab09e03 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
| MD5 | d0c61253e3ceeb119fa9eb82bc68eebb |
| SHA1 | 028ecd4c501768d57ac5fd13708a67eff0f63ccb |
| SHA256 | 6b877254fc5a61be58dcd3f57b714a13a19e4f593ae1cd4a528d5728f4e4dceb |
| SHA512 | 867d476050c280a414ed2bb8dd39e78520d0626ae6a96c174981e0c7d3f8e9ae9c5ae4da9126c5935dbe9db719bcac1b024004936ef3d6b1c3ce945a207cb42e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
| MD5 | 4f16732c3a913783d08901805b2da59b |
| SHA1 | 500473468057a58bc45a64fc343b6f6d82f96ec9 |
| SHA256 | 0fa0a47a96db5faf96aaa3da2f27af4b0131bad3b9a998554aa6097059feea3a |
| SHA512 | ee5861fc6f927b86016868bc0e30d36401afa39f9be9702bc4c57aaacdc2e83df0766c7cda4794251484b21e5c7946892b4d633fddbd58dc9449d938ee7838c0 |
C:\Program Files\MoveOptimize.dotm
| MD5 | 31d5070962169420984db249e4a7b327 |
| SHA1 | fe0a8c857764199bfff736cc573cdf84244f8274 |
| SHA256 | 2ea6449b54d71972c14ec3b081ecfcbf6dcd68faf9b77437ec98fbf40a28b6c5 |
| SHA512 | bffab2a3f452762ef34d95484042d2a810235db6b6fdbcfb1991de3718ed4aec2b00d854dec82f8f5ff9a90bdff1888e5944ff50b634097a71db6313803bdf72 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\_sessionState.json
| MD5 | 6da9978b3c1d2ce97ec3912c11cba0a9 |
| SHA1 | 1e1c095c35a5148cb44e078cf35bd75fd3e27b79 |
| SHA256 | 5977a6b1614e855535909371271e0a2d08a08aa6330407cdf70b0dbde4c277c4 |
| SHA512 | 22815edd3557085a782bef7fbb6b6986b9422172e19176cd44cb0bcd9aa1c6851c15b8168ee783d7b1fd53ef62e59295a6f77eccd72cd7a2366f50ca8c956d6b |
C:\Users\Admin\AppData\Local\Temp\7zC8BEE0E8\Uninst.exe
| MD5 | ad782ffac62e14e2269bf1379bccbaae |
| SHA1 | 9539773b550e902a35764574a2be2d05bc0d8afc |
| SHA256 | 1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8 |
| SHA512 | a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2 |
C:\Windows\Installer\MSID588.tmp
| MD5 | c23d4d5a87e08f8a822ad5a8dbd69592 |
| SHA1 | 317df555bc309dace46ae5c5589bec53ea8f137e |
| SHA256 | 6d149866246e79919bde5a0b45569ea41327c32ee250f37ad8216275a641bb27 |
| SHA512 | fa584655ae241004af44774a1f43508e53e95028ce96b39f8b5c62742f38acdf2b1df8871b468ac70c6043ca0e7ae8241bad2db6bc4f700d78471f12bb809e6b |
C:\Windows\Installer\MSID615.tmp
| MD5 | 67f23a38c85856e8a20e815c548cd424 |
| SHA1 | 16e8959c52f983e83f688f4cce3487364b1ffd10 |
| SHA256 | f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40 |
| SHA512 | 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d |
C:\Windows\Installer\MSID636.tmp
| MD5 | be0b6bea2e4e12bf5d966c6f74fa79b5 |
| SHA1 | 8468ec23f0a30065eee6913bf8eba62dd79651ec |
| SHA256 | 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164 |
| SHA512 | dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b |
C:\Windows\Installer\MSID648.tmp
| MD5 | 0e91605ee2395145d077adb643609085 |
| SHA1 | 303263aa6889013ce889bd4ea0324acdf35f29f2 |
| SHA256 | 5472237b0947d129ab6ad89b71d8e007fd5c4624e97af28cd342919ba0d5f87b |
| SHA512 | 3712c3645be47db804f08ef0f44465d0545cd0d435b4e6310c39966ccb85a801645adb98781b548472b2dfd532dd79520bf3ff98042a5457349f2380b52b45be |
C:\Config.Msi\e5cd7f6.rbf
| MD5 | 21438ef4b9ad4fc266b6129a2f60de29 |
| SHA1 | 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd |
| SHA256 | 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354 |
| SHA512 | 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237 |
C:\Config.Msi\e5cd646.rbf
| MD5 | 6558eb36ab644d0a7d7648607ce1956c |
| SHA1 | 83d11889c36dec322d97170eb04e5d1754c5b09a |
| SHA256 | e1f47177283794ed5315e76569237244f14f5642bb128af16a0b064a092d07e9 |
| SHA512 | b4c57f7d71a726729544d1c4ca0501a4f44e0a4d6000cd420eb12c3b07201fb107ab0a31a5fed787d40e62d140bf587973425ec59b758df0d3e4d4ae3e7d989a |
C:\Config.Msi\e5cd647.rbf
| MD5 | 724bb916ad8f67d35744f4c1c4a7fc4d |
| SHA1 | 322c71f81fda465cd614aa9a6a73449a242f8fa5 |
| SHA256 | a99d7cc2b7fa200bbe09487dd7415e5c65e3dc097a2c66345e50be5b153981b7 |
| SHA512 | bcf18ffc2285f7fa7ab43b3caf3b34f8986bcda30ea6442c60f602f8884bf25946aeafa0d9a37b7c7e10b39ae35f8389af00dde402b41de1c17b1ec0cdae0b64 |
C:\Config.Msi\e5cd645.rbs
| MD5 | c86bee3b4831f522711e292d0a90c1a3 |
| SHA1 | 0badf9e3abdb3665fd5c8382372c28dd47c2b374 |
| SHA256 | e78dd87baed38fe4bc3f61b6d8139515452ea2ffa8386153591cc66ba58a8494 |
| SHA512 | 7edebda272a4ba9841cc68ad4238c425bab519b46369042202d0f4055aa41cf2a7c70be5d9f775655810aaabd3aa2e9af43271d43e9b9db99113efef69ea28c9 |
C:\Windows\Temp\{BF94598B-B5CD-404C-8110-11CD8AEBC3B5}\.ba\bg.png
| MD5 | 9eb0320dfbf2bd541e6a55c01ddc9f20 |
| SHA1 | eb282a66d29594346531b1ff886d455e1dcd6d99 |
| SHA256 | 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79 |
| SHA512 | 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d |
C:\Config.Msi\e5cd7f9.rbs
| MD5 | c6d0bee2871ae551e99f748bcb3938fb |
| SHA1 | 71193fe016ebdef78f7054f9c3e1304ac79e3528 |
| SHA256 | 2d729c767da5e37f6b1d492783f73d6c04d17244da6772691f316e2e99f227e9 |
| SHA512 | 85c8f1c57f3a9bb2a72a6f2767f8b1dfe3efa4529decb1435d2829042c430401e2cb3c94ae27388660c8ff7956c12352d6758c56830cf72fd0438c7b68677f6b |
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
| MD5 | bb6a4ec007fb251f4891f9782067a9f8 |
| SHA1 | ca3c13644794eb8bf5640d19c811c693a5aa9029 |
| SHA256 | 8a024c98cee15a0eabee880947f16ab9dda59b37cdea1442ed14368fcaef02fd |
| SHA512 | 91d0eb8fe07cd72868bb469f746bb4cc3eeaee6f495458a7d9dfd3fe9db86fa007278ff3014172d0b59563a47002c030ef4823c51d36d05f2a5b3673818c7a68 |
C:\Users\Admin\AppData\Local\Temp\nsa2EA5.tmp\ServicesHelper.dll
| MD5 | b9e8c2212ac8dae4b0eaf97c048529fa |
| SHA1 | 331d172323480b0518abdb0cc9e256dc7f46c357 |
| SHA256 | d6f6758adac2c073bec481e8de762af3a5574789bce3f43de02356afc9911e0f |
| SHA512 | d93aa032e27c8268a4f6883711cf41f7ee2b5d33673a26d78db24456f2c548af39b7b98ed4b4737245c278d524fffb3e4bf708b6815dc866acd371427ff6be96 |
C:\Users\Admin\AppData\Local\Temp\nsa2EA5.tmp\System.dll
| MD5 | b361682fa5e6a1906e754cfa08aa8d90 |
| SHA1 | c6701aee0c866565de1b7c1f81fd88da56b395d3 |
| SHA256 | b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04 |
| SHA512 | 2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9 |
C:\Users\Admin\AppData\Local\Temp\nsa2EA5.tmp\CityHash.dll
| MD5 | 2021acc65fa998daa98131e20c4605be |
| SHA1 | 2e8407cfe3b1a9d839ea391cfc423e8df8d8a390 |
| SHA256 | c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14 |
| SHA512 | cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948 |
C:\Users\Admin\AppData\Local\Temp\nsa2EA5.tmp\UAC.dll
| MD5 | d23b256e9c12fe37d984bae5017c5f8c |
| SHA1 | fd698b58a563816b2260bbc50d7f864b33523121 |
| SHA256 | ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c |
| SHA512 | 13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\ioSpecial.ini
| MD5 | e40fc0e53ac95d5cfc463301c4410179 |
| SHA1 | 0a3f0969db3493853cca5b186def90e12f142587 |
| SHA256 | d28ec5eef94b49cfe1a05aa9b458e2d2ee49db6c3fc530b7228d7c948673382b |
| SHA512 | ecd8121f9e778a9dc72d84d52a3f97c282cac11643013d4aa0a5dd0374a43bac2ff7aa22152772719635f2e481ae3dfebc26e319d7eff2946e3d48e972d136e5 |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\InstallOptions.dll
| MD5 | fd249bc508706f04a18e0bc0afddec82 |
| SHA1 | b94efda9f41c89fc6120ed385867125d03f28bea |
| SHA256 | c34f095e200db420ce9af5489c3e392be285e43c3f4c9fbe34686b1f0a1531ad |
| SHA512 | c820c06ad5ae21101602d9e7864fed9b470b25fa9a0ee025d05e72697d88c7e03cbee7ad476f4e3d5b6e467248b8ad1fefa2710c76011e2156b85068961404ba |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\modern-wizard.bmp
| MD5 | 49ff8ad8f51875597f3e919e8770c24c |
| SHA1 | 1e840ce0f68281e312317bcbdbc10fdfcd3959c3 |
| SHA256 | 76da716588b8e51e36ee7a674cd873a8069e27fef73851d1e190face5a67fc66 |
| SHA512 | dcf29bbef46b1bd8d9f6c6221955ab06da23bc6661c603c188ce34fed80984a3b6d2006ab38b49aa9d1908d714cc0f40e63b6230244e4d4a0c9baebbbda1ddb1 |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\BitsUtils.dll
| MD5 | 8dd17c172a24ebf9601308b949a9ea22 |
| SHA1 | 507e586c9f69ddc7e58442631efc44f3fe58089c |
| SHA256 | ab77c0a6c79e76ab0f509d655273b2ee5c682c702217f4f884bbab3d2fdfc4c0 |
| SHA512 | 7de5a35771ac8ead2e3096de29bdedd8e94696d35dc304388c1cff2a14bb264e389a576dae21aaf9cbac79de6c99606b61f1dc5f0ba35fd261b2f5553d389e59 |
C:\Windows\Installer\MSI3094.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Config.Msi\e5cd916.rbs
| MD5 | 47a1915d5ee82cea5799684955dddf15 |
| SHA1 | 39e733cd9c7da6ac3e858adb7165c081cd9217c6 |
| SHA256 | f1f450094f65d0e387d7bdbc51dcfd4d78656348d7e2b7900574ed5d78a81302 |
| SHA512 | 77b408233285f4c5f0dab151aea196458a87389cb8cd84aa73532c272746168d23228ff726edcf8e28c8fd975dc1a231b1644682e7fec5b551268ca8e58f4171 |
C:\Config.Msi\e5cd919.rbs
| MD5 | aa105e10bf6a86edb83b1a39162eeecf |
| SHA1 | 14792dd7d2b7381d40038ddc1fdabe4e2c871c06 |
| SHA256 | c20f1d7545f67c66325ee26a097fdc51eca3bf2d125eb2263371e5f4553f2124 |
| SHA512 | 430e3ed6816c31b4e2f3fc2818a6097fcc1f39c3f0425076ef83e5362861138f836ea44bb059b8bc1e14f12c2a18e9d1862a1aef92f255ef59baea33069b28f4 |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\firefox.exe
| MD5 | 94ef2fadc18337ed24316f0244bca697 |
| SHA1 | d903ed312a4220453c7d336cf4b6a8b7ce9bd599 |
| SHA256 | f293de7a58dc35a39df67d982301b0dd8016162a4188cf73d74adb15062d7524 |
| SHA512 | ae3b5bfb1188ce5c6cc317fddd4e0e39253b95aa9df3232fd88a9b140f3cc9831ef2cc54c8aa960b43361eb8a88b0ed6cd1cb0990b0b84e3edfea2298b2db2c4 |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\IA2Marshal.dll
| MD5 | f6c251368d2ecbe26d78dd0087dc29d0 |
| SHA1 | 7a52373fcd0545c7945ec5ad33a3294ef4d7adbf |
| SHA256 | 4ea93aa8d5ea91e73c5a579a3a2154932b50ac3aa6170251d964726a853e7ec5 |
| SHA512 | 2043300b58f009a5cf6f2bdadfaacd723742fa34d6a8c7528119fa2e6a5125aceb1107b7b392f94b20763ee70eac731bf922eeefb8a9bb12c67f2a3eda6ccebd |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\freebl3.dll
| MD5 | c19f51b89ad2cec296f976aa67631ad7 |
| SHA1 | 51ffd2b698a34d935b7653959c5d6ac21b6c739b |
| SHA256 | e540e48084d8c8f4ae7a136c44170ca2336e27c21c3ad69e361eb79f88432593 |
| SHA512 | 0bb68147cda4d8df36480aae44674b9ae17248e10e538cfdf2f3919dc9c518559c5b214e5afbb5f80c4aefd2df56d34dfd674b312666e11d6a367baecbe7aad8 |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\default-browser-agent.exe
| MD5 | 46462a56ff00112e5b44f421ab18c908 |
| SHA1 | 5a058c946477e0ba206ed44f79664f7648c00272 |
| SHA256 | 0296cdc02a167b5443339e45348202e6e3f643caa6b3ccf5b6c0eb4457c4750d |
| SHA512 | 5f46ea8a85672aa0a1ac4f252f9a2e216dcaa2a44dc0d3f2191be9fd57ba874b1c1b571471b0a498b84d23ee450301d7eb14f6e1ee35d8de5462c7a1175b0287 |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\nssckbi.dll
| MD5 | 42dee40ae1fdd368e2013ac147e79c1e |
| SHA1 | 0f4ab1e0686b12f4724cc7c0f78104310a8c5e84 |
| SHA256 | f601e66fda1c8d0059667b76e97ecfb3abf8aa12d5095a0db916857ebc75ef81 |
| SHA512 | e0c2b8e040bf5760fefde6179a21a291905debfa46ac5fcc00e5b906889eef10f41374fbe9472d66bafea714950b3831810d3214b48f6d6eb3f6690e27d41630 |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\updater.exe
| MD5 | 3e94c46ccd48ecc8feb0a0bdf6a65f05 |
| SHA1 | 657a32b95848b1e6aab6677d4251717a6cf5c50b |
| SHA256 | 043a16e78a63a5a63b2c41b7f13920a3d4776d5d163af57f5e05604c779b2f8c |
| SHA512 | fb38354a98994ffd6d79527bd20f5c1adc957b9aad51e2e766e66704281b9118d94cce33b83cb3885fbb3b1976d949298f27bf524af158607a7b690b8d247d05 |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\pingsender.exe
| MD5 | a6c135cb83ac8b3843093954f85904fa |
| SHA1 | 05092e8ab996ac25d95447ed5504c2cb6ac50181 |
| SHA256 | 63b9e90c1a62d72b9bee84ead5988c59e2f764c347ccbc52c15d25935b2e885d |
| SHA512 | ff9e99be5ea9c8bdd8e065288bdaed1f8fd14ce8fadd2078f32ebaa1988f0d11a8382d9b55e44700a019495ec81f5b81284bc8378e23308a6114d634f931db1b |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\mozwer.dll
| MD5 | 62f0fa43eca5bac352fa7929fedffa40 |
| SHA1 | 85e034f9832185422e9642683050f0bb9b54229f |
| SHA256 | 9612373c2dc666dcf3bb25b0e76a2a4b9ccf3a0ad15b30c7a72b688e3a23eefd |
| SHA512 | 723001b74c2d39038a74b3dba6f3bbf688001c66726d8ed6e6a3375eecbe88209a06cf6fb6c60775dedc9a838f96c1cd785c5eb235764c76e90aba90315a6779 |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\minidump-analyzer.exe
| MD5 | 67c562e98bf72cb1fd44b090860ada5b |
| SHA1 | 59e87c41e62f3d2570bb6d67bd50af78e7476b95 |
| SHA256 | ed26aee96713f18b86a56dda7e5595e7d6354bbef982f7a3ea4386a0a862ebeb |
| SHA512 | 80d0832cbdc17808b0af2bb709a88ca779afccf6fa95b2cb50fdad5830fff3e0e07fa97426039a8cf7ba6ddaa38e1415e6299ca1a0b2738de14447944aaba3ef |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\crashreporter.exe
| MD5 | b53b154cef8f2fd9d0d640869d3e93e6 |
| SHA1 | 9c0ab7ea71c44f4dd9102ca9db31c7f0b4eceef3 |
| SHA256 | 46c200f82ac3ecafa06d4997a21f01c7c40a207bdf3c241a1d0929eb7ca1c0a2 |
| SHA512 | 65cf89f0b3927f5aee033c2a6ad8c956a38821921a93ad7cf1f2b765a7cf497a7ee5e44d97da03a60609348ffa91c92a6e43b5d4ff8995caddd72865d7823f64 |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\AccessibleMarshal.dll
| MD5 | f67c1e4920a5482f7ae8c56c188379c4 |
| SHA1 | 92642319f4254011cd2e18a480a389dd7fd2d2ee |
| SHA256 | 023f747692e6ee26f7b4948c36da325e3f9fe528869fbafebd80c1549f496054 |
| SHA512 | 20674533a8b5764073f2a624e0f73b0e09f8cde9978f0499309a0a088a15c3eac4958f40cb5ed6195f4a03e001f823695bb9feb4ac2c1955e59a7cdbc92e75e4 |
C:\Program Files\Mozilla Firefox\nsn35E9.tmp\AccessibleHandler.dll
| MD5 | a86004cd9f3387c116f7f8fdb6cd5655 |
| SHA1 | 86396b3d596956977112d4d6b886e553227f668d |
| SHA256 | 38cae253110f2d2852a7616ef337c11495ad0801a2e549216bb34fb1d2069962 |
| SHA512 | fd8db274fd98ac836b0be8e410b17ee12ec29fdc13964310d8dbbd4b69b9cb71d796902c327b12b966be8fced311d3fda9e816e012a3a8906922d7cb67d769ff |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\modern-header.bmp
| MD5 | d74f354a7dff27324b463404f4eec99b |
| SHA1 | c0cd9ec50ef163bb868f574db8ca97ccbaa109e4 |
| SHA256 | bc08eabb8b11b7693ac5de4db4d787ae31fdc9f29f6020536c838793bb2d4438 |
| SHA512 | 09116cfc89e16c0cb104e13292976fe8cb97131f309228fd6488a13d2afff4b902ed490f12cb633be232654ceadaee00f23cbe6206677e61c0a9642c72486c4e |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\unconfirm.ini
| MD5 | 19313efd31f6576a8ce93ac026ffd896 |
| SHA1 | 4a4ea15e220c46df28bd5bfc8e6eb491e6b60355 |
| SHA256 | 822d328426d827c8fb8529cf17c548f57bf0873df3a4a2286977451c7ad5cc3a |
| SHA512 | 7a4adc9534a9300f64a4f3fc86cd536f700c0e1b0e75cb5578ff422e24bd9f1ceab88e47d4bb088c624521220b1c2cbb1038c926f0b10583ad288e6ebf17226e |
C:\Config.Msi\e5cd91d.rbs
| MD5 | cc9b8753f7bf4edc4c7a3b094fb29c1c |
| SHA1 | d7429c271d415e69f9fe0d2c0598e1808eeedf15 |
| SHA256 | 87c0702d21d0a784c27787e6068e283240ec9bacf327152db8e85a44bed36fdf |
| SHA512 | 13178f1590d46a25668c2131ae87b52abe8522a38d877bfb0ea89f2c6f88c8e4aae2db5f0c2ae833d4ad3e15d074d043be3324e4a782fbaf62f5e5a9b1255230 |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\ShellLink.dll
| MD5 | fa94d120efb029b43217c66bbc8c650c |
| SHA1 | 1fcf2d76adf69b403b7400681ac91d50ed20385f |
| SHA256 | 5f6f414b412c72b10f49eb92af1d368ede531b58fb200d539fd2b45e371612db |
| SHA512 | 07ed0771d5bbb651ea7421a5f6b08fa234f9cc041315d9360a7135ba12180064fc99a27725385a8ecd3ceb25bed5c00de169f7dabb3ccf6e987f45254dff8158 |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\ApplicationID.dll
| MD5 | fdc0338e6faeaf6f7c271982e103473b |
| SHA1 | 9a41f7932abe8be7e32c6371f085cf14de355d00 |
| SHA256 | a9dad9fdaae93d10dc2ee346b231913445e731049554b8bb1506827e46f8a44e |
| SHA512 | a766eef11db4c94b1445d1cd70cf1d3b6141d6b3973562e9fa8d81c79195886b884dbc9b9f6952f8a6e8619534a6bf2d615d539d2cace9c8843dc19415051cc0 |
memory/3616-1808-0x0000000000A70000-0x0000000000AE6000-memory.dmp
memory/1216-1809-0x0000000000A70000-0x0000000000AE6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\ioSpecial.ini
| MD5 | ee72decb3fc7f044ce3845e712197ac3 |
| SHA1 | 03462fc539ed9f42faf9cf2f3b74e337513b448c |
| SHA256 | e9fecdb4a7de0d74228e32dfa3d37d16c421c2b9efc3c19e438b5df90800306e |
| SHA512 | 074db5fd8e52b32fbdfc736536eedce7ada57504c52700fba4e6a9831b06483174d639f54afe915c3263cc6c08b6fda2aa051f9a25eb44fe399491d85f85849d |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\ioSpecial.ini
| MD5 | a533c1bebaa0bcefac9670608504b119 |
| SHA1 | 2217def37e7932592337c505dfe2cd545fef2a69 |
| SHA256 | cd72c8cabd304eb60be7677e1018f74a11c6746c2d789e50952c26e719e0cf04 |
| SHA512 | 49ee8425acb512850b3ddfc932703ee218951c1a56541218568a4cd1b470e72735eccda83f7543d5c217cf0a7ceaff2e33eb018816e25f94aec1be935be3d6e1 |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\nsExec.dll
| MD5 | 0e584c7120bd474c616013c58d51dc6b |
| SHA1 | 0bc980892341b52985d92fb3d8fbb6be77951935 |
| SHA256 | 7fb626aa05bee1095633a75aeb7895ebd816a98e0aa1581a0154e4c196de5391 |
| SHA512 | aa3a471b3f33c3ffdbe1b1e3c1e5d04367bcab3c16049396a8dd12c5a8317e4b153761f74f39b756dd4fb1806aedc4f1bb38bfbc12f16480eed3fd3087a0d157 |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\liteFirewallW.dll
| MD5 | f31ba98a8d87faba153eea134968c854 |
| SHA1 | da0865cc1a86a39367f22897e1f9fbf4fb1f804f |
| SHA256 | 708fb54cffb6aea3547fc5ac745d1435ecc814df563bef59ba7a94f57d082bbb |
| SHA512 | d991a2dd5ef537b25898afd7b7e73274a3cb8e6f5fca1621af22ee2761b82baf220aecb0c84434566742e2ab00b2f57a3740ce9831e76d4e1829bac3e044c8e9 |
C:\Users\Admin\AppData\Local\Temp\nsv2F70.tmp\Banner.dll
| MD5 | 2b3f617f22f70710aaf7f27efab15c40 |
| SHA1 | 66c2397748b46c0aa03f0de1d3b1ef0598512f7c |
| SHA256 | 2393ee61dff10c520fea62b5d6dc1c3a559fcad55f5cf15b22e1f408692a35f8 |
| SHA512 | 69295601e8c20a97b512a99afec2609997b589d46a507b2738a6c974ee5b68bde0e56fce150ab1fc4355aa561e8125335378a9c648bbc533bc5b44de1b85b3e5 |
memory/4892-2039-0x0000000000A70000-0x0000000000AE6000-memory.dmp
memory/4892-2042-0x0000000000A70000-0x0000000000AE6000-memory.dmp
memory/1216-2066-0x0000000000A70000-0x0000000000AE6000-memory.dmp
memory/3616-2067-0x0000000000A70000-0x0000000000AE6000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\X3XJMEOG\localhost[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.rqq4fyn_5wxl2sxx_1d63zspc.tmp
| MD5 | 24ebdb1228a1818eee374bc8794869b7 |
| SHA1 | 79fc3adb42a5d7ee12ff6729ef5f7a81e563cd2d |
| SHA256 | 92a7d7d3b0bfac458ddcef07afcdad3646653ba7f4ad048fdd7a5ec673235923 |
| SHA512 | 63764d99a0118fac409327d5bf70f2aa9b31caf5277c4bc1e595016a50c524cd6c3d67924321b0fcad12cd968de1a62bd292151e35fd907034efd0f40b743d6a |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.gbor2_oim9e1ga4szs0acshlc.tmp
| MD5 | 4085b7b25606706f1a1ad9a88211a9b7 |
| SHA1 | 31019f39a5e0bf2b1aa9fe5dda31856b30e963cc |
| SHA256 | b64efcb638291c1e1c132ed5636afbb198031cee44384f3ecf67d82b73accecc |
| SHA512 | 9537559523839e3e708feabe8c04f40236add7d200ec36bad00c10a69337a15001103c17093dcc0d8cadb4713d911f39a6411624c1db4cbf1ea1af272a716168 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.gwbspo4krsclshbfp82tkgq4c.tmp
| MD5 | 530f1945913c81b38450c5a468428ee6 |
| SHA1 | 0c6d47f5376342002ffdbc9a26ebec22c48dca37 |
| SHA256 | 4112d529734d33abda74478c199f6ddc5098767e69214a00d80f23d2ea7291ff |
| SHA512 | 3906427ffb8f2dfea76ba9bb8cac6bd7dece3ebee7e94ea92da5bbdb55d8859c41260a2bda4e84fab7e1fb857ad12a2e286694ea64d00d0aa6cab200fbbf64f0 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061212.000\ResultReport.xml
| MD5 | 4ff41db393e8e710a7dab575b2c8316c |
| SHA1 | b55d9637add1cd62c0b93be10174885ee86c8146 |
| SHA256 | da57866dcaee178703f5c77961d3a21c949fa035d95e131f138e61347a4f962b |
| SHA512 | 9eeb71ae8fe70645bdf274dd3a4f220ee446d1ee16017cd5ff1303e6386674804e95c823bce9536007e1d04b69933f679881c71611508cb454cfb8529a337156 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061212.000\NetworkDiagnostics.debugreport.xml
| MD5 | 74e8aedecf2d4139f0f8db8c55242a2f |
| SHA1 | 6fe5f4c359c2953c42a46dec9cbf5db73abe0178 |
| SHA256 | 2d35bb7094be1d93d90ee3508af59864247010087b55c5b517aaf17edb979105 |
| SHA512 | 09f59e1bc5c44f51cd3e619e1a5a5ef5b299e9b85807013b88b5495d594986f8c3b0e926454807a20d3e697ea43919ff6ca5adad29e7388dbf3a2f659d6ba492 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061212.000\results.xsl
| MD5 | 90df783c6d95859f3a420cb6af1bafe1 |
| SHA1 | 3fe1e63ca5efc0822fc3a4ae862557238aa22f78 |
| SHA256 | 06db605b5969c93747313e6409ea84bdd8b7e1731b7e6e3656329d77bcf51093 |
| SHA512 | e5dcbb7d8f42eabf42966fccee11c3d3e3f965ecc7a4d9e4ecd0382a31c4e8afea931564b1c6931f6d7e6b3650dc01a4a1971e317dab6c1f03932c6b6b7d399f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d3dc76bfb08fce3b7900f43746fc1908 |
| SHA1 | e3b3cbf0eeb25add4dec04d4713e627be537efcc |
| SHA256 | 148db8ed4ab109e0602f59f1c77c79193affac4137d3c855be820439a6b810bd |
| SHA512 | 5b6e668846dd3e435e4e8cd7cf7bae094a4df8dd254e7396ac3a48dba4b22fd20708e4787b4601ef53c2b248cae12c1664e719bbf460335e543a28338dbf149d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a5a6c3071dbf7be8273bc6b746a8c3a4 |
| SHA1 | f5e341797150053d374036a581cdb6675839e13c |
| SHA256 | 75531b4e6719c7f6f61a8ca9b5b12a88421bea28dcec6548a5ce55caeacaab5c |
| SHA512 | dc8dc139c9b8a8246063152c7d6d3e9bc92cf1f0cb562af2e524396ec1080f820bb53603e692e255d00f4d3e729227dcb9dbcbf6226f515b01ca3245fa3d2b31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 4e97601e2f01508cb436083a13971a47 |
| SHA1 | 18ed7ae9c8be24227f55857429babf4df26bec1e |
| SHA256 | ef76d515ec63be6d02dbfbfcf59cdf3780c5e2766766d9adf9ac8d2c73a7600b |
| SHA512 | e9424a3fb04228bbe5baf43d4b7303feadb8ab48e659cd0298f6747a25d3c655742f1c8a2134cc20c8c80d4a25215d825fa48441a94e4c07fe06e4a23a366b1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | bbdce7283f8c8e7d66ccf5cba06bcfdd |
| SHA1 | c2e2d0145906f8992455ad7819275db251f1a482 |
| SHA256 | ac592c3e751c5521f73447f2f32b6d4fda91635f349431f89f975c1e3208537e |
| SHA512 | b8fa50f8201bdbf43b9065e9a9f0ce5cc1a182ab5da6ce275afe823b3ea4cca84c7c43e7e09ec47523fda2013c8af5081656378326cc148c89eded6dd62e0a37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e40677d0706de9d5c2f2ad37704c50f4 |
| SHA1 | 4278ac07de33d667f8bd991af0d9e074f9ce21d9 |
| SHA256 | ccabcd386c5a1fc0d38b336ccfc50f7509129140f217a4b48c1897790a697196 |
| SHA512 | 056db2b86289282b7e0b8c1dcfc6dd241d962473346a69a62caadd45cfcbb7156723fe7106f56c5aa9d0b846419df81b02975559ba1124e6f67ad39b2621effd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f11589134bee3dd3ce7d7de4c6f960bb |
| SHA1 | 8724fb568f25e1cedf947acd3521a45a5294abbf |
| SHA256 | 102e8bbbeb6169241c887f1f370edc9a4695d7d41a56ef9cb0194b06e341d911 |
| SHA512 | fe7f88bc758736b74cf1f97269e36fd09d3c6402c3648ad6b40bac13b33d9bb85a09d1fde0ae77e6dbc8033a4fc7f828c78c3025e536d6318810b4fdf369dce2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 0ada6a723013a7f16d1aed8c511f73fe |
| SHA1 | 9622190ae35967c95edf2f477ddbcf62597eb66e |
| SHA256 | 7351d04d59f503832cf4d37e869278ec44da6d2ac9616b7e25f76d1ac01c18ab |
| SHA512 | 209b18454bd10fbcb6e2f4e87a9690d6de8f5a677b5a3bf8f5c99c321fe7dfe9665349a8f8886e00b4b4ecab6b7fa7c0e98f6722d2ae614c5d67a4f153e0d272 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 689d7a4b85c4bfd424acb5656e8dc42d |
| SHA1 | 8dda4bf54cbc6cef03a86153339d6ce6d582ec00 |
| SHA256 | f1e40968a4460e34e6b57686311b6e66a2b5f433acf5f13815300bbde8f763b8 |
| SHA512 | 03f1363fb15ab99dd9d3502b66d5aeb717fcdd8b054f53d39aee9d703fbebdd697d61fbef89a05e643621b79136a1db1c3ef4052d2bf02c3312ae45a43efa245 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 63605ed4f7bdf96f38bac2b85e772925 |
| SHA1 | 16f044ee30ba3e41232f800584f27ab49b64b556 |
| SHA256 | acc426d492fef5d0269086e39db834187864d88fd792d04c598e5bee4d801f9a |
| SHA512 | 977a565264c0e991e6af49fc66d445d067d44c885dbe5ac0b0588ce03a68e29b3782497571b89d6f0b4bdca6770d2b4b05cbc9abd8150040694d8d1e87936117 |