Analysis Overview
SHA256
ead2648f0c356193d5440f4835cc638c8c37f563448d8c731b6291baa2fd08d2
Threat Level: Likely benign
The file . was found to be: Likely benign.
Malicious Activity Summary
Drops file in Windows directory
Suspicious behavior: MapViewOfSection
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Modifies data under HKEY_USERS
Uses Task Scheduler COM API
Checks processor information in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 17:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 17:44
Reported
2024-06-13 18:17
Platform
win10-20240611-en
Max time kernel
546s
Max time network
526s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\INF\netrasa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
| File created | C:\Windows\rescache\_merged\3060194815\1209253612.pri | C:\Windows\system32\SystemSettingsAdminFlows.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\netsstpa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\642584412\1068689436.pri | C:\Windows\system32\SystemSettingsAdminFlows.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 | C:\Windows\system32\svchost.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627744388751260" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Windows\system32\svchost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 950564cfbabdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b32915cababdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3acbb5c9babdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = be6f74dfbabdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = aeccded0babdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\support.microsoft.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 37911fd1babdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\AskToCloseAllTabs = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdoma = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b817e3c9babdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
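The 8-byte values the table above dumps as raw hex (CIStatusTimestamp, DataStore\LastCleanup) are Windows FILETIME structures written to the registry byte for byte: a little-endian 64-bit count of 100-nanosecond ticks since 1601-01-01 UTC, which is why the hex reads "backwards" (aeccded0babdda01 is the integer 0x01dabdbad0deccae). The decoder below is an added example, not part of the sandbox report; the sample rows are copied from the table with the long key paths shortened to "...", and the hex values are the report's own.

```python
"""Decode the 8-byte 'Set value (data)' registry writes in the report into UTC times.

Added example, not part of the sandbox report. FILETIME = little-endian u64 count of
100 ns ticks since 1601-01-01 UTC; the registry dump shows the bytes in storage order.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Rows copied from the report's "Modifies data under HKEY_USERS" table; the key
# paths are shortened to "..." here, the hex values are exactly as reported.
SAMPLE_ROWS = [
    "| Set value (data) | ...\\CIStatus\\CIStatusTimestamp = aeccded0babdda01 | MicrosoftEdge.exe | N/A |",
    "| Set value (data) | ...\\MicrosoftEdge\\DataStore\\LastCleanup = 37911fd1babdda01 | MicrosoftEdge.exe | N/A |",
    "| Set value (data) | ...\\Children\\004\\CIStatus\\SignaturePolicy = 06000000 | MicrosoftEdgeCP.exe | N/A |",
    "| Set value (data) | ...\\CIStatus\\CIStatusTimestamp = b817e3c9babdda01 | MicrosoftEdge.exe | N/A |",
]

# Matches the "Indicator" cell of a data write: <key path> = <hex bytes>
ROW_RE = re.compile(
    r"\|\s*Set value \(data\)\s*\|\s*(?P<path>[^=|]+?)\s*=\s*(?P<hex>[0-9a-fA-F]+)\s*\|"
)


def filetime_from_hex(blob_hex: str) -> datetime:
    """Turn 16 hex digits (8 bytes as dumped from the registry) into a UTC datetime."""
    raw = bytes.fromhex(blob_hex)
    if len(raw) != 8:
        raise ValueError(f"FILETIME is 8 bytes, got {len(raw)}")
    ticks = int.from_bytes(raw, "little")  # 100 ns units since 1601-01-01
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def decode_timestamp_rows(rows: List[str]) -> List[Tuple[str, datetime]]:
    """(value name, UTC time) for every 8-byte data write in the given table rows.

    Other sizes (e.g. the 4-byte SignaturePolicy DWORD) are not timestamps and
    are skipped rather than mis-decoded.
    """
    found = []
    for row in rows:
        m = ROW_RE.search(row)
        if not m or len(m.group("hex")) != 16:
            continue
        name = m.group("path").rsplit("\\", 1)[-1]
        found.append((name, filetime_from_hex(m.group("hex"))))
    return found


if __name__ == "__main__":
    for name, when in decode_timestamp_rows(SAMPLE_ROWS):
        print(f"{name:<18} {when:%Y-%m-%d %H:%M:%S} UTC")
```

The three decoded values land on 2024-06-13 around 17:55 UTC, i.e. inside the detonation window, which is the quick sanity check that these writes are the browser's own bookkeeping from this run rather than pre-existing image state.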
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\System32\sdiagnhost.exe | N/A |
| N/A | N/A | C:\Windows\System32\sdiagnhost.exe | N/A |
| N/A | N/A | C:\Windows\System32\sdiagnhost.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9cbef9758,0x7ff9cbef9768,0x7ff9cbef9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4660 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\Windows\system32\dashost.exe
dashost.exe {88315eae-b485-40d0-8e196543477392ea}
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation
C:\Windows\system32\Clipup.exe
C:\Windows\system32\Clipup.exe -d
C:\Windows\system32\Clipup.exe
C:\Windows\system32\Clipup.exe -d -ppl C:\Users\Admin\AppData\Local\Temp\tem7C62.tmp
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\msdt.exe
"C:\Windows\system32\msdt.exe" -ep SystemSettings_Troubleshoot_L2 -skip TRUE -id BlueScreenDiagnostic
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell wininit
C:\Windows\system32\wininit.exe
"C:\Windows\system32\wininit.exe"
Network
| Country | Destination | Domain | Proto |
| US | 199.232.210.172:80 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | odc.officeapps.live.com | udp |
| FR | 52.109.68.130:443 | odc.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 130.68.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| NL | 23.62.61.184:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.17.251.23:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| BE | 92.123.50.159:443 | support.microsoft.com | tcp |
| BE | 92.123.50.159:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.50.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 92.123.52.36:443 | www.microsoft.com | tcp |
| BE | 92.123.52.36:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | support.content.office.net | udp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| GB | 104.103.250.6:443 | support.content.office.net | tcp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | 36.52.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.250.103.104.in-addr.arpa | udp |
| BE | 92.123.50.159:443 | support.microsoft.com | tcp |
| BE | 92.123.50.159:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.4:443 | login.microsoftonline.com | tcp |
| IE | 20.190.159.4:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.17:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.17:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 8.8.8.8:53 | 17.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
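Many of the DNS rows above are reverse (PTR) lookups: Windows and the browsers resolve names for the addresses they just connected to, so `130.68.109.52.in-addr.arpa` is the reverse of `52.109.68.130`, the odc.officeapps.live.com endpoint a few rows earlier, and the long `ip6.arpa` name is `ff02::c` (the SSDP multicast address). Pairing each PTR query with the forward connections in the same table separates "the host named an address it talked to" from "the host looked up an address that never appears as a destination". The script below is an added example, not part of the report; it runs over a subset of the rows copied from the table (column layout normalised, the rest is the report's own data).

```python
"""Correlate PTR (reverse DNS) queries in a sandbox network table with the
direct connections in the same table.

Added example, not part of the sandbox report.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional

# Subset of rows copied from the report's Network table (Country | Destination | Domain | Proto).
NETWORK_ROWS = [
    "| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 130.68.109.52.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |",
    "| US | 8.8.8.8:53 | odc.officeapps.live.com | udp |",
    "| FR | 52.109.68.130:443 | odc.officeapps.live.com | tcp |",
    "| BE | 92.123.50.159:443 | support.microsoft.com | tcp |",
    "| US | 8.8.8.8:53 | 159.50.123.92.in-addr.arpa | udp |",
    "| US | 199.232.210.172:80 | | tcp |",  # connection with no name in the table
]


def parse_rows(rows: List[str]) -> List[dict]:
    """Split the markdown table rows into records; destination is 'ip:port'."""
    records = []
    for row in rows:
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        records.append({"country": country, "dest_ip": ip, "dest_port": int(port),
                        "domain": domain, "proto": proto})
    return records


def ptr_to_ip(name: str) -> Optional[str]:
    """Reverse-DNS name -> address string, or None if the name is not a PTR name."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        return ".".join(reversed(labels[:4]))
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        nibbles = "".join(reversed(labels[:32]))  # 32 nibbles, least significant first
        groups = ":".join(nibbles[i:i + 4] for i in range(0, 32, 4))
        return str(ipaddress.IPv6Address(groups))  # compressed form, e.g. ff02::c
    return None


def correlate(rows: List[str]) -> Dict[str, dict]:
    """For each PTR query: was the address also a direct destination, and under which names?"""
    records = parse_rows(rows)
    contacted = set()
    forward_names = defaultdict(set)
    for r in records:
        if r["dest_port"] == 53:
            continue  # DNS traffic itself is not a destination of interest
        contacted.add(r["dest_ip"])
        if r["domain"]:
            forward_names[r["dest_ip"]].add(r["domain"])
    report = {}
    for r in records:
        if r["dest_port"] != 53 or not r["domain"]:
            continue
        ip = ptr_to_ip(r["domain"])
        if ip is None:
            continue  # ordinary forward (A/AAAA) query
        report[ip] = {"contacted": ip in contacted,
                      "forward_names": sorted(forward_names[ip])}
    return report


if __name__ == "__main__":
    for ip, info in correlate(NETWORK_ROWS).items():
        flag = "contacted" if info["contacted"] else "never contacted"
        print(f"{ip:<20} {flag:<16} {', '.join(info['forward_names']) or '-'}")
```

On the full table most PTR targets do appear as destinations (the Office and Microsoft CDN addresses), while a few, such as the Google address behind `195.187.250.142.in-addr.arpa`, are only ever looked up; neither pattern is malicious on its own, but the split is what you want before deciding which addresses to pivot on.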
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1f01c8551dc3d4d3ec8c503cf91b69d7 |
| SHA1 | 69e7bb42ed655ccc938a212534cc14dbf1747dfa |
| SHA256 | 75631aa75c0b05dee433c22aa14a8d15d88b955e7a85776a863197e66bfc787f |
| SHA512 | 6c8263cfa12b72402802b8cbfbdcd7258445dbf8bee6b024faf553bd14388e7ed3d50231a94d6075a0df199f5bc09b4fcfdbccc3f2be84e30d3b027f18069866 |
\??\pipe\crashpad_3756_XEWBQAWIRROWJDAV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
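Two of the entries above carry digests worth recognising on sight: the crashpad pipe's MD5/SHA1/SHA256 are the digests of zero bytes (nothing was captured through it), and `persisted_first_party_sets.json` hashes to the two-byte JSON object `{}`. Checking a report's file list against a small table of such known trivial contents removes these artifacts before any real triage. The script below is an added example, not part of the report; the digests are copied from the Files section and the reference contents are computed at run time, so nothing is trusted from memory.

```python
"""Flag report artifacts whose digests are those of well-known trivial contents.

Added example, not part of the sandbox report. The digests under REPORT_FILES are
copied from the report's Files section; the reference digests are computed here.
"""
import hashlib
from typing import Dict, Optional

ALGOS = ("md5", "sha1", "sha256")

# Contents whose digests turn up constantly in sandbox file lists.
KNOWN_CONTENTS = {
    "empty": b"",
    "empty JSON object": b"{}",
}

# Entries copied from the report (path -> digests). The third has real content
# and is included to exercise the no-match path.
REPORT_FILES = {
    r"\??\pipe\crashpad_3756_XEWBQAWIRROWJDAV": {
        "md5": "d41d8cd98f00b204e9800998ecf8427e",
        "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    },
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json": {
        "md5": "99914b932bd37a50b983c5e7c90ae93b",
        "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
        "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    },
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences": {
        "md5": "79f066b2d835fcdc7e91c2dca278c3f2",
        "sha1": "6d178918596d4300270278f3a717d5ae2fb2bf9f",
        "sha256": "05194d125d3d34817c94b4b052ab83904e1d075e150ed2151a8fad6b0cf3423c",
    },
}


def digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of the given bytes, lower-case hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def classify(entry: Dict[str, str]) -> Optional[str]:
    """Label of the known content whose digests all match this entry, else None.

    Requiring every algorithm to agree means a single garbled or colliding
    digest (MD5 collisions are cheap) cannot mislabel a file.
    """
    observed = {algo: entry[algo].lower() for algo in ALGOS}
    for label, content in KNOWN_CONTENTS.items():
        if digests(content) == observed:
            return label
    return None


def triage(files: Dict[str, Dict[str, str]]) -> Dict[str, Optional[str]]:
    """Path -> known-content label (or None) for every entry in a report file list."""
    return {path: classify(entry) for path, entry in files.items()}


if __name__ == "__main__":
    for path, label in triage(REPORT_FILES).items():
        print(f"{label or 'needs review':<18} {path}")
```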
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 79f066b2d835fcdc7e91c2dca278c3f2 |
| SHA1 | 6d178918596d4300270278f3a717d5ae2fb2bf9f |
| SHA256 | 05194d125d3d34817c94b4b052ab83904e1d075e150ed2151a8fad6b0cf3423c |
| SHA512 | 0cf04d724ea283550d572d80d2c35c2d2a3312cadebd1bbf8a6a967f39f99034cb1d3c7523a2e0bac77d669ff0d9f5180e31b32d41650d3888fd844cf9a30d64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0ca8e5de583054e1f7c6ea9fb606b584 |
| SHA1 | f6e95d8865eeb488c93c3d4f8529393833f0a34f |
| SHA256 | 750e88120da338af195e532bcf3c99facc87c15a4dafc93fafafaf41c584c21c |
| SHA512 | d217dab715daeb401f1af05cb3406c4b8e411b85253cc5890af1407e905d244e169378d1a1ef2b286050726c04fe74c36c20e4af9d1bbe5c696d29580e7684a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9bb796b7bcd77d3322b86c87843932f6 |
| SHA1 | c962426cbbc1b7f3725caf0d3be0b9f7e7f39c6b |
| SHA256 | 95a5f9b3a07bf8d0f275ad8d0ee420d5e77683943e04a8652fd63bc083b2a8c5 |
| SHA512 | 1ffd07fcdacffba1d6a2acf910b86023caed77de151f4396ca5b6f94284e5535e6e522426e99cdb59def97e429d65d2032c4d88069cd476cbab7d129596de794 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c09e8be1870e33ef054033fa039743ca |
| SHA1 | 7c90aa2b21ea3e9c20969f469a9b0bd9ac58cd6b |
| SHA256 | b4e9fb28aab0dc95c678492c4c186a6ac2def27a4c7d9f6d722cb2953012286b |
| SHA512 | f0d032727d9bc13cfa677ba9f4ff7421831fcdcc3611835ae4e25ab44953557885bccd327e1c9106624f565555f9c286809ed1cec34daa8fbb72e06f2bbc13d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | da54e8d72190d28ff8446ea719deb534 |
| SHA1 | 505e3c9d317f6a19f70229c1d26396bce59e7e8d |
| SHA256 | 8b1da42c9c351a5af3e7dbe7f5019541c4e82e6c1928911b7379baf6f8743179 |
| SHA512 | 5414edf99ae2070bcacd8d3895d8f15a801d888e6d9e6b897f1b37296cd9e2be2db8d0f1529f7654fe9b7ad6977b391732c1d9913b7ab0959bed4bb6285468c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | db47f6b6d3635a21a68200edc09bd2e4 |
| SHA1 | 2c1a722332f837a48294c7ecb0c76f441f784d61 |
| SHA256 | 001de4e4319ee0c3d4d8e2d1adf66cf08a076e5ca4f15015fccb813c214e9a8c |
| SHA512 | ae908d1adb971465cecdf6df0d6f35b771c4bb68f91144a29bb03aa126b9f03ac4066999d2e0907aad52ed06109e62d1e8d798f39db51e3b91b2437c8a885583 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58dcee.TMP
| MD5 | 96e7237e2cd7a13c77a7ce0e661dcf59 |
| SHA1 | 48c237d996afd943bddebbef9ce31c2901f607e2 |
| SHA256 | 8ceb1db8fdc22fd001253a22bd185194ef3593c958c639b8636f9e565029f23f |
| SHA512 | 875c11a1f18bd20f5fbc589b0cfa4dea8ee297f974443a8d5e5f7196cd46f7aece85052d0bbf18b4c5aaaeefb5cbae0a519104329db296370d05e2e3080c9735 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 22845a4258d3d2b1a98b3c1be1ff2975 |
| SHA1 | 75957287c032e3f60317231a6ecbdf709c70d5b3 |
| SHA256 | 1f67f36a9994b27dad3871655623bf73d316f2d564029472628701318dfd65c9 |
| SHA512 | 2992f0835061c5853dc8810d075aed650c678674abdd8dbbf2da66b6630015c556db3f1d4bd697fa7dcc5db2f5c8a33631b6bfdc1bbd164ecdb7ea7024e87907 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 108fd0d5ee5368823e29027fc018e588 |
| SHA1 | f1101da18f77de1cb1a73460dd354a9bfad46758 |
| SHA256 | 0e04db76e8c8161cd3fcfa1e1c7143980589f6bbbfe68ecbdc13669a795977b4 |
| SHA512 | 77493b7b4b942f97715983f210e8fbf233b763968a05f9187ec524819f1e5e0450d9e3daba97a41d60393019fd6400711cd70e14ad1feb7c7e1816dc13a3be42 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3cd6ef826ea9197d9a5d6085f4ce8d1c |
| SHA1 | c8287734507e9f6a0524d3d48b94194e8d27ceae |
| SHA256 | 3d6f7588f5d51bccb8af75bd94bfebd9c3b2c2b9e941ce1e8b1b2c4a8fe9feba |
| SHA512 | eca7a4fd580879d0dde99b9386c46e53c5abeb1f882de2ca7649bffd8ae885d2a4b1d9066d872ad2c70855cb8986f6a5de7cad24faef393cf7b0bcd68bff3e8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f7baab6dd719dc641a7983752324cf65 |
| SHA1 | 0ad68b254a040763d94b7837efeaa7da608a7ed4 |
| SHA256 | cdf19c5920ad82cd1131ba2376bc6c4c6d2f2dbd58eff41bcc51176383203821 |
| SHA512 | 0a84a83baed1a3ff6c3214b68320698a72b2994201a8e964e003c49854481cdcc56100730a7b5a7fe59fb174a1ef306bd6a1c1bee8298c49df16012ec18ee0f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 180fa20883e767fae9bcd30d8b4505aa |
| SHA1 | c560d22169ceae26c28c8419e8ccaf108ef8db48 |
| SHA256 | c37e713a98fc8f76e241e662104a9ee61406fe7c20559653906bea55328f5406 |
| SHA512 | 47bb6e991722e2d000dd1e87dce1027000440e33ab1d214bec9e3d29e6c7afc30d138be09e7dada69f80d3594c40ea2b1d35eea8933a8e1eabd9b4c0f802ae77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a0233a1da12469537b5e0bab45af4e24 |
| SHA1 | c99b44ba6174e6e61c8dcb52404f905e76fd52e7 |
| SHA256 | 3e446a69f347db3ed8db8430a6822b1ecf1ee3c3240995772b4a626a0bd432af |
| SHA512 | 8e05a0c13fd8325fadca6b8e036673a335e92943d1b101e5ca4f509946f5b5c159151851b86bc6c038624ff277f0a0e7ff9fdfbbb417a7da8a470c2545d0e50b |
C:\Users\Admin\Desktop\DisableStart.svgz
| MD5 | b9e28351af1625a3b7c53e80629b9d57 |
| SHA1 | 3aa9be9ee5433380fb60fdf689492f8b97178f54 |
| SHA256 | 0d1f5f9ef58f024ebdcff174042f9af8f9a4097691d007e96a9fe3b832ef1643 |
| SHA512 | 6fa961ebf813dbc5b2a07a80bb8272263e652c85e7af26d1bb01ca63934374b8d3daf6d7f61d195160005128cf83106d59b453b5946286b035bec33dac9b8e7e |
C:\Users\Admin\Desktop\ExitPush.mpg
| MD5 | 6b59a5552324297fada4b054cbad0992 |
| SHA1 | 43552f5e0b8d54926402eea8f85d664ed813b001 |
| SHA256 | 1cee69730ba1b0da0684da772d94d7fc403a75df393d7eac83fa35767eb8424b |
| SHA512 | 90827ed7fdee617f5c39fde8cc90f7de3e3f2b2a091f9c22845a4b408d1506db94107de7e88f6e436fa618e0225a449c0bd9437736aabff63eaf297979f04f8d |
C:\Users\Admin\Desktop\InstallSplit.htm
| MD5 | a98dee1758074139d607c1938925ef43 |
| SHA1 | 5fcd10bc5ad48a77face595ff04b139a8d70d0d7 |
| SHA256 | e2fd84c57f6426cb64dfdd0c7539ed0fff222a7842bbde2dae93014a2b0d3a75 |
| SHA512 | 0d9ffadb13a96e2cc09ef3ded563e29a3aa7e24ad3a40a9324a385230a95346d0d57b521722763b263da3bb8a9743d9fb3a8a090206c0ef9f7d55d3166d6b104 |
C:\Users\Admin\Desktop\LimitConvertTo.midi
| MD5 | 3c3b423373d0cc3d1f02691aa2835289 |
| SHA1 | ff6ebb8ab5bd97299a2acaa4ebb1d3bcd7b28044 |
| SHA256 | fe47a2b82d2dbee3ae8436640e03621bf7071274f13b32f55376f311ad8b1dd1 |
| SHA512 | 1d179303ef43718e14f7f398b40e3f99dacee7121f1c1ef04069d16908bbc52b9e93fd6f4a49b68ba448edb31c387a872974822031784bc172cb9f8c1618a0b4 |
C:\Users\Admin\Desktop\OptimizeFormat.odp
| MD5 | 37d4d1fc043475b1f26aca56aa6579dd |
| SHA1 | 5516448691a6dc7f8f3f3a15012fc439b475b678 |
| SHA256 | 4754f5831d1aa9ebddcfd4a404b5cc1874cf51bb553459acb5d3f227894a1022 |
| SHA512 | 1b4bd9333184176de136f57e68d799959ecfdd0ed3bb58305902bacaa7b8eabb141c1cd81c04379d3c69893f852da39b8624b6a93c33dfe33fbeb21c68b1d531 |
C:\Users\Admin\Desktop\RemoveSearch.wpl
| MD5 | 428a80dedb995689ff921f7cb9b43f9d |
| SHA1 | d6630db4f0f8fe6da9ba651caf58c4883ed31ff3 |
| SHA256 | 255e5ea3f2261e09e82270f6fcf4c79b55eba71641c64ab563096ff3ecd7e620 |
| SHA512 | 39647a514891e46f798cff1c848d0a8b9424f728daaa6d65908b79b5eb684b1bf6659ef20769d4b6c618b5d4dae7610e9b56023372640f148787fcaf33c9ae20 |
C:\Users\Admin\Desktop\UseFind.gif
| MD5 | 23e6ea0f5c2ea06f80256a7750f63d79 |
| SHA1 | f9cfd192975272d573edeb1432842e0075309e09 |
| SHA256 | 36bfb616363266a671a4848808f3cf71ec4ab093fce8ee4de4c16b2734d16bfb |
| SHA512 | e7d34833942c0c42aa91a7281f7c56d4b6cf28bbb6cbb54761d2643f35c11172b28d22188781f13770373004518ed35d965ca7f27b185ba4bc55c60ec63a34f2 |
C:\Users\Admin\Desktop\UpdateOpen.eprtx
| MD5 | 611380cb8771c501356d4df08d8b6f53 |
| SHA1 | 48921c7e8bcee125add6bde63374740a742f5651 |
| SHA256 | b52ee52772a883a71ebf47362cb91f8ca18d1bc703901e68997bdca6a6f396b8 |
| SHA512 | 22a1f3b028074e291d5ada11d8ac1eaac1b54e2be80503f03916f86cb465dfa44e34760cdbc431169df2cffc4021e3898d3b5b0a24ebe984d68343e769eb6017 |
C:\Users\Admin\Desktop\UnblockPop.DVR
| MD5 | 3e35ce063ca331fcba31c64e22f93759 |
| SHA1 | c06a47f19c43dd04cbe217b7424ab82ac45fd4c0 |
| SHA256 | 79ea4bfff4e8b13f7248119647809c94b8b66e0d1a40bdafa57c174cf71aa256 |
| SHA512 | c593ef3541b3c7fc20112d14f5b72bf2e9bd13d24fe45d966f90723b10d497fccca3d9d649ae0f31278df129e745bade88bb2e5c0b70ecf4eff681cafee093b6 |
C:\Users\Admin\Desktop\TraceSplit.mid
| MD5 | 5460e13882518554c842c3e114011b3b |
| SHA1 | f7d16e61fddc18e766764cb454c4131c6c8f2ad9 |
| SHA256 | a49b6485cf6f7947f43a2b143dfc06ebb0038940ffcad7ae8317896e52a5068e |
| SHA512 | 9f404d0cc594b0ce7bdbe14dd0936d2af49d46714db1addd83e8a4c365f71fc3fe8150c5f100e2d5a8d1b9139aa3f1b6035cdac08891e76061bb265ba47eb8ab |
C:\Users\Admin\Desktop\TraceRestore.mpa
| MD5 | 155f5cdc3e012b88e8bf791b94422f3a |
| SHA1 | ddeb211403eed3758f7d8636b66e1198245f6ce6 |
| SHA256 | 8c4e5cc0228ffd325106bf454ef8b5aa4f32f3feb7a9aa282675457e41c7010f |
| SHA512 | 4737a70a7330f0b149073cd07cdfea437575fb1c54ac6cac232c3d5b6d1678ad27fc88ddbbc01d8cdde68e947ffe56aa744d4b4112cb15ffd0321d19601dc136 |
C:\Users\Admin\Desktop\ShowOpen.jpeg
| MD5 | e4841ac38b9fdeefb6ed9ad3163491e0 |
| SHA1 | ff4d6b73c79fd8686e65464b886c69ea89ba8737 |
| SHA256 | 8d382fbcfeba827ebcd58f4d26a252237a86b52f5dfa26ab4942ec5e5541c204 |
| SHA512 | d74c043e6d593e9fb5b1966fd7ed8dea749eec7e00d8d4266f3a0d0f83838e0673e8e34fc1af38bdcdcc6ace3ea1c2a0b541e1ccc1111b049912a3724642bedd |
C:\Users\Admin\Desktop\RevokeStep.edrwx
| MD5 | 2d1ee0a1270f0754d91bc47662d779c0 |
| SHA1 | 11277bcd79998575c5cecdafabb8da6bceb4b625 |
| SHA256 | 36c3fdf2b05bff5a6e2d36d0e79539b763bfd4d20e377b7c48de1560c7496a1b |
| SHA512 | 327feef99d0d2d305998c42bd61528d972e47cf5cbb0291c51d64eff9a9d38a81e3433da7fe1853cbc4578e8335ef18ba813f95680fac868fbec3dba2b34cf36 |
C:\Users\Admin\Desktop\DebugUnblock.tif
| MD5 | 3756e7944632fc3544a5dd420c3d72d0 |
| SHA1 | 5c15ea31411c6b4db762c54b3e84d5f2fd64e925 |
| SHA256 | 2bd0697335977f3017b197fca5d70bf6104eacc668653fd055593f6d662d5f4e |
| SHA512 | 57988db326f62915b79118381bd5ae1901f51d310045f7caef1770b57984cdf43b9f8660c3a8e842177129be83a253ab4b92a2e329fb49077a035981feffc8b4 |
C:\Users\Admin\Desktop\CopyMount.rmi
| MD5 | b13869cfb0f1085051b839f7cda50416 |
| SHA1 | 18702d22d96387a797be61c8d687b74b9710839d |
| SHA256 | 2c683998090b2e884dec8cdbee76fde84edbf1078d6d17d2004026e2ac4d137f |
| SHA512 | ceb5ca26a4a3e856d293c2a36a4592fca5812557fe5db646394c4b3a5ed4018c9da5a4d14ff3ecb96cf0389880fd90132eaecb3fb86d902cdfb66fc98a5806b0 |
C:\Users\Admin\Desktop\CompressImport.ttf
| MD5 | f1f2582664dba748919e09dcdc8c8ebd |
| SHA1 | 32ec5a1b8f9f997499a2658b59a8e0b49409352e |
| SHA256 | 136a64a6fc59ddb837cea3e153681a3727b61b2c85cf6d3b810c82d2e723c2a0 |
| SHA512 | d62a1578b496fe958bf4085227a723554267837b60ea6f7d925789583be180222a3aaf1be7c79dbc16a4f9f42d812a5b24381bfc14e993b9f6faa256c76dfe62 |
C:\Users\Admin\Desktop\UndoConfirm.M2V
| MD5 | 362679d144ca252c28cbe6e9a90f258c |
| SHA1 | 156c621cba9dcf1e84f1633c57d8b0300aa1bedd |
| SHA256 | 34dee765647dfc9924c6ede8c3e14d1749d114392195985eff2e13ab94e15468 |
| SHA512 | 668fa007045223912f7a88356cc90e5d5b119e8c945b97c13607fc057235cf5f310e78afcb36ff0616ef13a15ed37bf6ab1c3e208eccdb3c4b9f7f53902e3308 |
C:\Users\Admin\Desktop\UnblockUse.jtx
| MD5 | e8561fe80e25dd27b6097cd2bbc14b5f |
| SHA1 | 6d9c9224087664ca5a7165901fd7b3d600873f25 |
| SHA256 | b9fde4117cf0a54e87fdcf2154f3815edb1fe8eff62406cd0e5a06ced935a73e |
| SHA512 | 780a5330ecd3e74be38332ed89302452c48fe5da865ad411b5df8b912a9f86999e575d8275ecfb59813d10b017ed400c631e9731cab01e9832029219b7124369 |
C:\Users\Admin\Desktop\StartAssert.ini
| MD5 | c8cd4e1b1e95a6ac5505ea7eb50e1228 |
| SHA1 | 8e32a7ab89408669af8a3aa102ee127f02040eb4 |
| SHA256 | d5673576c8b7401331301fef218d0d537a721d2f3c611867843863d2fcb257be |
| SHA512 | 20ec4fb6b9643575e90743d255697bd43db7ad9969bfa55329bc0a2c08cc7c887a1c634e6ad143f9960824b1c62b04cccda1a81e45bb8b6d69dd5194548574ab |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | b5c6f9f25ffc78d031287735623c39c3 |
| SHA1 | c724b5a92d7647be47f3ee4ccf21c51b84b45a43 |
| SHA256 | acf73b2d3fb34beeef3ae0e0d5b88e0f159a77e188a6584eb60c1596f43a0d99 |
| SHA512 | f52484b858b5841a86e662005257b1452935068390153925ef8f719b1b5322afa56d5b6ecf066012ff3a35ad00fe04db89e544fa1256deed60cef489d6bdd0ed |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 0667a27d5d22cc3abd646432c6ea3024 |
| SHA1 | e4f34319ecd1f296e622f477a33fe6f1873af56e |
| SHA256 | 555b2726e4721495a486a39dc9968b2ec03b26ebc713421bbdbb39b7a918df9a |
| SHA512 | 55e5c5c27c0013a043b7d7265633efd036097a2b3adb2e798068cedbb141377f6034643c3df5b9a2459e8b7790cdaf64f59a11bff7d30113c7f0f4771ed1bf40 |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | 3d0a7fb24085093ae0b8650fd0e9daa4 |
| SHA1 | 361c9ab865d131cf73b15df9532de3ff59f1d2cc |
| SHA256 | 67d1a7891f7a191669103ce6a699bcf2f3af24a5697933764afdca2c1755554b |
| SHA512 | 20a299cf876a9784d157d18df70bf0b4ecea529e8c74e6bb1621e2589e99582b09920869f7d2b1fde0ba15800cb4a2dff13a9bed64886404866cc9bebbe77286 |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | c915439f2198feb98a6eb7ceb3f7d9f9 |
| SHA1 | 3f2011f8ec51c48c81d9415844c9a8987f916e79 |
| SHA256 | 8703ff9c0721235e77a94e1929bb33e1bbd619c3ee1269fbf5ec7b38b41a41ba |
| SHA512 | 40ae1fc6827e9d94a0de4a648566a69ad587e8fb39fdff634ef98dd0cbef8eab3fb0689f12d9f920d3b53aa25092c47b426f1661747262ee3792d208c71dd683 |
C:\Users\Admin\Desktop\AddUndo.vb
| MD5 | 3aa468452c72daf5c19b7dd4a6ef394d |
| SHA1 | ecb2b7987a423ca71e672ca5a7fc7eb4b0da7e01 |
| SHA256 | bdd8909fad1b42ad8406e143718193d66625d8d4cceb82e91c00945b91485faa |
| SHA512 | f0962ab42789ad6e41c9bdaec937a2951f4c44804972283c65c87f0fc1dfa34f00b8950f0234bae909e81bc933613e3dfdc3802e37d12b6ab430499967969353 |
C:\Users\Admin\Downloads\SetGrant.dib
| MD5 | 0b784b35bb661f35fed50114b8b26071 |
| SHA1 | fcb0eeee8cad175d718c7d8960e2af006d74a0c3 |
| SHA256 | df4cccf9894164f197ebbcfdedc477f44c54ba04e2d4cf4be6dd4268a8390827 |
| SHA512 | 4e113aa4e41edb81e8f6481eb21678ae315cbfd2dbd54900b4566676c6247008a722803a2778063ffa35747c2d84196c481727e899edc2ac9ddbe038f356c3bf |
C:\Users\Admin\Downloads\SuspendSkip.ico
| MD5 | cef557fbdcb0b577a552e26d56b81580 |
| SHA1 | c44efd32b977e71a4a1d303bc465fcaa5a47dfe1 |
| SHA256 | 03b3088ee147e81fdda15dd479b56932f51d56e9d07c64c39ac5fa6f333112ee |
| SHA512 | 6217816ba2708dbe76dd7aa784513724e39e6dd30532c08535808c9eb397be7aa5c77a4c2175e335f04f96f14f47f1c5d9c752a55dac7a78ac7a591f5ce5b68e |
C:\Users\Admin\Downloads\StopPush.bat
| MD5 | 9f3231ffee94ea44aaf1679a76570607 |
| SHA1 | b338de7d0b32fb6126e6f5fa6b90407b87475985 |
| SHA256 | a7250ed9124bc9e57d42199d87dd86bff2b822bba00077e4982221faacb7aa8a |
| SHA512 | 0e2498bf41bb468dfdbffd69c07ce0640cb470bf7021d6345edc641c9403b943781373bd7b9c7ea2b3d5a33715a480b7e29ac8b9921c6a014ed84cf7cddfb2e3 |
C:\Users\Admin\Downloads\StartDismount.wmv
| MD5 | c1713735d092662bdfe6e32a1a32a5b1 |
| SHA1 | 02a0b84e3ce1891d07dd90b68ecd256419a3c7bd |
| SHA256 | b35fcfbe2a64804fb2be63fbb32c47c1f11cb692066a3e6eb829fc87d4c97912 |
| SHA512 | b60d8521846462d191e4d4966db6ca22018f059cce9225e3adc43bb5868bab7cda7da0f1fc227f85b693591fbb11f2cb75e4923ddb21e5718ef2503b4888d42f |
C:\Users\Admin\Downloads\SkipNew.vstm
| MD5 | 82e220b2a3d819566b7b9775f6d4c363 |
| SHA1 | d811fac943788d4830a2b2fd4651f8a0b617b033 |
| SHA256 | 5113aa41d6fafe2923e848ef7b24022b4bc4ac7e5b54d7743fa9f1d0c142de22 |
| SHA512 | 996579c67aa49b92be675dca9c5a600332a960291461ff8b06cb153e6114c54b7e7ce06613f4710597c41873eb266d70dfd153a908ca94d154d0d5dec55ef5b7 |
C:\Users\Admin\Downloads\ShowSelect.mpeg2
| MD5 | 15ac562c5c38fc4f4ad0ebb9db2b2d6b |
| SHA1 | ef3628970ce9f499ea0ddde667707ad7f02e4ca4 |
| SHA256 | bfecd41dd73250cc01b295cf4897f9442fbb486038e66a9b27aecb83de3d5b3c |
| SHA512 | 9736b6ef3d82c9e0324b05a22bd7f19d189f48912d373b084011a1456ba9958fdf3f0b4baf64b66c80b600f1ce8c896d69e07ee47c68b102b1ee746848d2afeb |
C:\Users\Admin\Downloads\UnregisterUninstall.wpl
| MD5 | 70e515d2f015048eb88879a6602e06d0 |
| SHA1 | 378195747fc0452c70b53180fd428cc61b2c5a47 |
| SHA256 | a763e004ba75fe73f630f8f4d051adea2f25b90335b105552b5af3247d56bc7a |
| SHA512 | eb1fe2a3eac24fdaddffdf9b7f4496617ac834a56de14be460d2bb5015369fecc8545d909d9759721bcadbda345ae78e11001f730a2d7190216c14e2185f1773 |
C:\Users\Admin\Downloads\CompareBlock.ini
| MD5 | 4fda25fcf4375af8a3e9b5ba614c676f |
| SHA1 | 78b5e8f6bc96f50baa69e0b94ce7171a9c1609e6 |
| SHA256 | 62a14f3b4d9fa85a0b816194f7835a55d2408f0c612c30ebadb8945aa8d1eb22 |
| SHA512 | 80b09e36303ea9e66f48ba7c42a6496e42445099e377dfc02daf731c749ca66df2b9f48e13b7f881e756cd15d621a6423cb2d29eb188c3ad714c0251945a654f |
C:\Users\Admin\Downloads\ClearDeny.exe
| MD5 | ccc246bff9d9a8a7e30de7d59e6b9e2b |
| SHA1 | 878100999400fa7de780012c118bbcbbffc65af4 |
| SHA256 | 871d7f3982c66986ca5a7c4665622b5c3e5e342536297ec04c806f69a584a3be |
| SHA512 | 233d57e4a634d500cf3fa6c1fa5f22263ae53055324f90fd1eca179590a5092a33f7082b6160e1602cdcc0aae7b402c13631b8eeb07e16dd681f66622cae1a82 |
C:\Users\Admin\Downloads\CheckpointStop.gif
| MD5 | 6b7dd02c0cc4bafaed5b87db86458154 |
| SHA1 | 3112c22ad1111ff52721024b9bb16361efb5e345 |
| SHA256 | e8043a3a4f34f01090e133185e0bf88b9afc0e32df71b6895fffeeec9f5ac6cf |
| SHA512 | cdb7c4e11444527519960e4cc93e069cab202bf0d9e7f97e19c44947aad0687d22a20b101a1fe819370573ad74ae1e987f75630cf22f6edc958e018462704332 |
C:\Users\Admin\Downloads\AddWatch.mp2v
| MD5 | 255e8fba18250fb84330c47c347378c8 |
| SHA1 | d67902b5dccd802c9fef82b445f68943a263e47b |
| SHA256 | 0ae99cfaba741acc4c6534f001988122da094eb4fcd0ea0ec3c87469b24e6575 |
| SHA512 | 42169d7595da649c833b910ce454a2578cfe60130dd55870383dc5fc708ea7c738b898f5039ace4fb7588f29666be0e3be947b23fab85b4d629eb561be0105b9 |
C:\Users\Admin\Downloads\WriteInvoke.ps1
| MD5 | 171739e32c98f7394c0babe323ac92a0 |
| SHA1 | 25283a41427fef55a61c3bf34d31bf738ed9c7af |
| SHA256 | 85c49841f65b84fa9a99b95d0a417d96c5d21e17e2412efff79ebe9500cb705a |
| SHA512 | 6b40080bba45d49bb8f548930fa1ca37a910b510b4fe12bc6da9427986b666404e0d14211fb1a69ba4a362ccbe328672f3b9f109bb9652107f377e1b2f212c11 |
C:\Users\Admin\Downloads\WaitReset.pptm
| MD5 | 42b6762c5664c72731f0127af408c5f4 |
| SHA1 | a4b1258c33dad17461cf6477453d3623ab80c968 |
| SHA256 | 613cea91af6082261d98b094f24b1465562be2af6dda529d6f420f67d8958bff |
| SHA512 | 7fad7bd2720dcc3f8126af8fd5c2f20002c98d39ae488e80c089c0aeebecf6694e85f338263783b67f927cfead8cd41fda86bc82f3e77068d2888d2ceec7aaa1 |
C:\Users\Admin\Downloads\WaitEnter.wm
| MD5 | 4ba7da0469cb9655c41a9ed63fac700c |
| SHA1 | a1a307d6be0c13f1d130dff14efd8bae7b14ebcb |
| SHA256 | 840fbf47ab39ef8b1a76dba03ccaf2fe22bb7e437342d707d171b5508af4ef91 |
| SHA512 | 02bd08459c8e8f83ab1c5e2d939980c086a651446262f640ec67b3340c69b00637e1d1ac727a81d09c3dd34bbf46a3e928b46cfc4837e164870ed77a0474dd45 |
C:\Users\Admin\Downloads\UpdateSearch.bin
| MD5 | 6cd7a558ff4961080f80aa4027d67301 |
| SHA1 | 8a53278b32e0bb6bb6ce0264d17e11754a0bec73 |
| SHA256 | 34cf405053a5d409e4a42b8d765c9cb673350d00dcfbeabb424ecc803cbaf311 |
| SHA512 | 1daf3b1a045c299f5cf191fddaf0063977fdf6b8ff97d9f333212f24434cd0428483172af34dadcb75b91cb2680222aea39612d961a994b73641270d34298b8e |
C:\Users\Admin\Downloads\RequestOpen.lock
| MD5 | c4a823dc2a532f636d33f6414709a31d |
| SHA1 | 4a78bcaa86ef9241989d7105a54a146a4858a82b |
| SHA256 | 6354b9d362224d7751ba37a4bb99e81fa0620e47c90d13dabdd9b0d31b8f660b |
| SHA512 | 91eed853d0778bf36cd84889e2ead99be924388f836c1693b23570df0c97a0bf85df647e9d1995532b5c377fc95d7e15fd0c7366db159a715033eef1b9131b7e |
C:\Users\Admin\Downloads\MountInvoke.docx
| MD5 | 39764fbf003bf897f184ede01fd9ed30 |
| SHA1 | 04068396213869061b892455d7fdffbdfb3154e9 |
| SHA256 | 1b618c0be40fde0b78ac81d2cb7c62aae8bfc863f2f3efc512b5f06a0c1b12b3 |
| SHA512 | 58c256033157ae0afcf331a9fc5c053a0b753820f22862657520a4cfd54127e52fc661e2e30cc84925f0adafa54adeb4c17311d7232fc021144a63134f3b8dc4 |
C:\Users\Admin\Downloads\MergeProtect.xhtml
| MD5 | 408f54e2002d4152e3f848d8c053a15c |
| SHA1 | 8a74e17aca63bd95cfd99aa4a97fe6fba2705d88 |
| SHA256 | 6a5ca841c72fa30d4e97c78ffe8a00c720e954652dcd83348611bb7d2ea7d314 |
| SHA512 | 5c267b154396b733330ab222573b52817b72670bb95bda03000f15a2a19f93a47e26e2958e7f0cbad74a67a91b2574ed8cf99363b41fedb8d66591c674f29f22 |
C:\Users\Admin\Downloads\MergeClose.htm
| MD5 | 43f36f53bd9a0fb805c2ddc913a9ebcd |
| SHA1 | 2bb9a4378c24ceea5e8811160bd80d3e9a484dcc |
| SHA256 | f005f77b1aa46618dcb9a7bfa289d4dd9f8de8d95f21f3b4a2c89cd365a69d41 |
| SHA512 | 07b92631bab80968144c0eec6361e9d466c62afd378c3bb892ebb9fc298280c7a02b1484ea52eee22b327df2769e1233cc5828c0df3d711dbcb9b3d8a084e105 |
C:\Users\Admin\Downloads\LockExit.jpg
| MD5 | e23d7d0129699acbafbed24ab0ec6fdc |
| SHA1 | ebd8757d8a323fa023e08015fbbca61ac0c4300c |
| SHA256 | 391d4c9b0f6c228a323b1a4168ee8df4e93d552f8e4c9597ac9dfdaffebcd857 |
| SHA512 | 822e44fb8183eb9e5a837da74eef3abbfba2bb5e06755e7fc46ca1a703c98b2a0e224efd95d36f5ce5bfe15cb74fb216c2f31dcae2f7ff293cd60025d73b28c9 |
C:\Users\Admin\Downloads\JoinGet.mhtml
| MD5 | b85f9a8ff08c669f1f29d765528467f0 |
| SHA1 | 8991a1fa27c740381b7fb0f997856250c010ec4a |
| SHA256 | d457309ee4fa870f42cbba9dc35a36c024394ca4d80634e86648ee5b8451b3b7 |
| SHA512 | 25f502de04072cb15b4d030c74532f551d621659947d6f7b5709b8a1769539420f3a0f8fc76ddded6dff1a78b9d20e095df9a1871c6c988896a58665b846c809 |
C:\Users\Admin\Downloads\ImportSwitch.xml
| MD5 | 27b9e64065312c20ea83600059c14322 |
| SHA1 | 5e51905bd31f8dc391de382334a8a2040d656c3c |
| SHA256 | fadeb825c2a40c5ce27ed9f560fc1796517463df2519931198760515fa268a71 |
| SHA512 | d85b59739cedd103f2645e45d8feefe3ba5e86f92ad82d2c1261e07b8078c79be1976fe0d26bb9f434d0bc72441441d204a186ca6ad44c763ad4d8580dd631ef |
C:\Users\Admin\Downloads\HideRevoke.xps
| MD5 | 850a36b98aa32d40ff68b90ebc8f4a78 |
| SHA1 | 74499ea37d023b4b84aeaaea7016cdc4ce670742 |
| SHA256 | c0d5e2b13adf74d350e77b2dc2e2a3ce368f2e97b46c260ad3bd1eb93920ddd6 |
| SHA512 | 8e1a06494b1322dce716564974b37b7dc5a1ac8833eb71e071896c77d79d2468ca2ef642bdb45b84edb905bba81f8c667e5093257216fda359e1a62aa78217e7 |
C:\Users\Admin\Downloads\HideReceive.xsl
| MD5 | 83eb7d6bc317d6bc13e42dd71cd7833a |
| SHA1 | 83367f58107c857525110625bfcaa68f76524bad |
| SHA256 | d7b05fb323544eca235a2c2be901f5f4d24a3fffb3eb98f9cb62b0317dd04d96 |
| SHA512 | 1764140ef9a5073daf958c9f89c660f0fdf111b566bf490b99a238182972a5587fec4b72b51dd7c1ac2b5122ee0ed7c7592bf18972055eb2ea534b17a919f891 |
C:\Users\Admin\Downloads\GrantRestore.ex_
| MD5 | 8d24958d5571afb4ee81ac75016dcaa4 |
| SHA1 | 31e1522f88b0189636f330e70e2b1b8ab471183f |
| SHA256 | b0eace59e6305c55f83dfb944df32abf2dfcbb270b36f395f3a14430f5d6f627 |
| SHA512 | e1f503a6b14a07f7aef78273c50d24949fe333ad981793e34846e41b59f2ab10ec9a052419f8a6a2b64f2b6ce7394760603bba6e67147a09bbf18dfc140e6120 |
C:\Users\Admin\Downloads\CompressFind.wmv
| MD5 | 1ad62b5666fe76b6ae1436f4fdb7f890 |
| SHA1 | 05ef4d68a445320e132ea93d065a040618fe750c |
| SHA256 | 7a4b953bb7654a00edfdfb0c7d65d08d1b99f18ecb1a57ddd3ed038b8de1a4de |
| SHA512 | f8a1be8af53d7294a3cb04a6b606f69e7d891f70b7f498b43d8230f1c80405e57eecec6d4cfdfb599f07c4c07a0706edd152ddd984760ad492bd946ac1267b3d |
C:\Users\Admin\Downloads\EnterApprove.tiff
| MD5 | a76c5b2de57c3f458affc9d6dbe9e353 |
| SHA1 | 1d4256a83eeae12cb06357e98c36bafc9af2b0c2 |
| SHA256 | 3b2858bc6ba33979ba7d8ff0d30b06a4d5069e716d5afe9bf24be2f25f3aa174 |
| SHA512 | 5d9dfd519b343a2bf59412608938e5453b8cb5d8511958e554e27fd906512c015fb0cf55dcfa0d3984d0677cca0210df3cf9b68e24efa2f746fd094ca0c560a4 |
C:\Users\Admin\Downloads\EditMount.xps
| MD5 | 6ba19aca072c1e124517d4e8f6585db7 |
| SHA1 | cf0cfd3d03c4174ed3e2a1dda59d41925c3ea80e |
| SHA256 | a6a766ee2e904ed6919004bbb87a3dc21140313566eac9356cb14050975d8c79 |
| SHA512 | 550b91a96c36f1e2807f1b342cdfa59d24e607ffdf6f52e4427de2871eaf432013aed47c3815e6df331da7e9019f3632584c97784f1e798ef60203cd1b3e7204 |
C:\Users\Admin\Downloads\ConvertUninstall.cab
| MD5 | d6cbe83b69ffc575dddf6a3906938899 |
| SHA1 | 67d9559f4c5865727cc95604e8c169c8eff8e212 |
| SHA256 | ec3d8d54351416950b04410d7b3563123b57aa7f96b12544a7013ca844f4848f |
| SHA512 | 27b9f01db79c4a7945f54ca7b8582360b692fa0900d411691d70e8dea694cd8ba1c224f41202015ffa37b0d093a01e0ae8ad1884c8b8586fe62a04bc5d431793 |
memory/2000-248-0x00007FF9986F0000-0x00007FF998700000-memory.dmp
memory/2000-249-0x00007FF9986F0000-0x00007FF998700000-memory.dmp
memory/2000-250-0x00007FF9986F0000-0x00007FF998700000-memory.dmp
memory/2000-251-0x00007FF9986F0000-0x00007FF998700000-memory.dmp
memory/2000-260-0x00007FF9957D0000-0x00007FF9957E0000-memory.dmp
memory/2000-261-0x00007FF9957D0000-0x00007FF9957E0000-memory.dmp
memory/2000-979-0x00007FF9986F0000-0x00007FF998700000-memory.dmp
memory/2000-980-0x00007FF9986F0000-0x00007FF998700000-memory.dmp
memory/2000-978-0x00007FF9986F0000-0x00007FF998700000-memory.dmp
memory/2000-977-0x00007FF9986F0000-0x00007FF998700000-memory.dmp
C:\Windows\INF\netrasa.PNF
| MD5 | 80648b43d233468718d717d10187b68d |
| SHA1 | a1736e8f0e408ce705722ce097d1adb24ebffc45 |
| SHA256 | 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380 |
| SHA512 | eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9 |
memory/5108-996-0x0000029782B30000-0x0000029782B40000-memory.dmp
memory/5108-995-0x0000029782B30000-0x0000029782B40000-memory.dmp
memory/5108-994-0x0000029782B30000-0x0000029782B40000-memory.dmp
memory/3792-1001-0x0000027859310000-0x0000027859320000-memory.dmp
memory/3792-1000-0x0000027859310000-0x0000027859320000-memory.dmp
memory/3792-999-0x0000027859310000-0x0000027859320000-memory.dmp
memory/3792-1004-0x0000027859310000-0x0000027859320000-memory.dmp
memory/5108-1006-0x0000029782B30000-0x0000029782B40000-memory.dmp
memory/5108-1005-0x0000029782B30000-0x0000029782B40000-memory.dmp
memory/3792-1003-0x0000027859310000-0x0000027859320000-memory.dmp
memory/5064-1009-0x000002BCAF820000-0x000002BCAF830000-memory.dmp
memory/5064-1026-0x000002BCAF930000-0x000002BCAF940000-memory.dmp
memory/5064-1044-0x000002BCB3A20000-0x000002BCB3A22000-memory.dmp
memory/736-1161-0x0000020820200000-0x0000020820300000-memory.dmp
memory/736-1187-0x0000020820D30000-0x0000020820D32000-memory.dmp
memory/736-1189-0x0000020820D50000-0x0000020820D52000-memory.dmp
memory/736-1184-0x0000020820D10000-0x0000020820D12000-memory.dmp
memory/736-1195-0x0000020820DF0000-0x0000020820DF2000-memory.dmp
memory/736-1193-0x0000020820D90000-0x0000020820D92000-memory.dmp
memory/736-1182-0x0000020820CF0000-0x0000020820CF2000-memory.dmp
memory/736-1191-0x0000020820D70000-0x0000020820D72000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\169AKQGP\support.microsoft[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
memory/736-1279-0x00000208237F0000-0x0000020823810000-memory.dmp
memory/736-1289-0x0000020823B90000-0x0000020823C90000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ARV64HHX\favicon-32x32[1].png
| MD5 | fb2ed9313c602f40b7a2762acc15ff89 |
| SHA1 | 8a390d07a8401d40cbc1a16d873911fa4cb463f5 |
| SHA256 | b241d02fab4b17291af37993eb249f9303eb5897610abafac4c9f6aa6a878369 |
| SHA512 | 9cbcf5c7b8409494f6d543434ecaff42de8a2d0632a17931062d7d1cc130d43e61162eedb0965b545e65e0687ded4d4b51e29631568af34b157a7d02a3852508 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\119NURWM\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Windows\Temp\SDIAG_7b816465-765b-4685-b1e2-1f2c5ec40abf\en-US\DiagPackage.dll.mui
| MD5 | 385405aab1d7a28dea9fe58d0bdd96f9 |
| SHA1 | a7c07aa34e61eaad40608397185a0ec708078616 |
| SHA256 | c51f3159af353fc059e4fb3056e6768620c7c6a8872ff815acf5287915cc2ddf |
| SHA512 | 03b3cf5409afc1eaf2ce5468377af2d741429247775209181a0d7cfd77baa062f50efe57f10994f70151561b5ad522d7b67cd06084fdd1a4e87a26e89792be40 |
C:\Windows\Temp\SDIAG_7b816465-765b-4685-b1e2-1f2c5ec40abf\DiagPackage.dll
| MD5 | 9f0e103c30e13c425d42f1c462676f8d |
| SHA1 | d680d2594a62fa7a41a871f16ac07f202edb0919 |
| SHA256 | 3516504cc5daa5885e5df7ee664d7cc4c59260ecaf9febfa8bc006608f8b92a5 |
| SHA512 | 35b61c15b5c66bf358723a528d394eb050b59f95dfa5ea0de7dc1f4fac2219fddf6222d5f2aba6b3566b9a6be4e2b7f12e6a671f87c3bf5044997a514c747764 |
memory/5756-2031-0x000001D3A5600000-0x000001D3A5622000-memory.dmp
memory/5756-2034-0x000001D3A56B0000-0x000001D3A5726000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ey0a01jh.quz.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1468091789\2024061317.000\BlueScreenDiagnostic.debugreport.xml
| MD5 | 82aac5f07db78adc7182f5346430e986 |
| SHA1 | 1360c223cfe19ee4620a3ce79c04bb28a529e7b3 |
| SHA256 | c22f7070d46fa532b38aec7bd09d622331bcef1416eab966fca392efca6fecc2 |
| SHA512 | 8207f1dbed12e9f2b87780db8eed8bfd53cad2c01682b0d6f96a7ed4aeb413e42a43cbc6346acb66627628e8a831708156716029202b8785250a9adbe1451e1a |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1468091789\2024061317.000\results.xsl
| MD5 | 310e1da2344ba6ca96666fb639840ea9 |
| SHA1 | e8694edf9ee68782aa1de05470b884cc1a0e1ded |
| SHA256 | 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c |
| SHA512 | 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244 |
C:\Windows\Temp\SDIAG_7b816465-765b-4685-b1e2-1f2c5ec40abf\result\ResultReport.xml
| MD5 | b0dd18fbcb3285a41dce6eded8cfa019 |
| SHA1 | 37e4fa5291d8efc9eb72df31d65665b91876aa1f |
| SHA256 | 7b2d87e5a3058472e9580b4206b2cf298f25967b2d66f264d322b3894df67663 |
| SHA512 | 302472ad901f73b0b069d94e747eb7f518508ee3524185c6e9e08f515e71b30a1ea5bf4315e00e745c2f2cba662b2f16f199fe42e5d9a7742ad2697f5bee8f39 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1468091789\2024061317.000\ResultReport.xml
| MD5 | 736a696140938191cc0ddfb1342a32e0 |
| SHA1 | bc7d3bd9207429d5bfbba13f6dcb9ab53f4ae9c7 |
| SHA256 | 41498c759b0a9d0b7cdaefd49ad9b77a35d1ecf98518dac9140a8e39a3e9defe |
| SHA512 | 4ac64d84d1c000a07b413e018d9179e0ab7fe1ac1bfee0a90eec68f643cd8ba231947d61b0e78bc7ba0ba82d6b3ed00b605acb2c5a259429c21a9c8b8fa82aaa |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1468091789\2024061317.000\results.xml
| MD5 | 47adc36081834dabb4d2e7846b78698d |
| SHA1 | 25fa60b1abf6fcc0990c1ba3a8d4a7bde264c81c |
| SHA256 | cfb5585e07be0ad41c89ce8b720e5e77c3c76b09c34d7ace1e48962dc2dae85d |
| SHA512 | 564e04999906c2eff708e8da49485dbd5ffb9ce813452c6d704aef22189ce0e6368c096783777e2d57fc08c874e8b09d9560bdba6e3f610bf46a2b688e78f97c |
C:\Users\Admin\AppData\Local\Temp\PLA2BB8.tmp
| MD5 | 95e575e3163deb11135f7577a2a3f2e8 |
| SHA1 | 27a99db312f71fc55a4960a915e9792426521fdb |
| SHA256 | e81a064e44cf3982f804e48b10c969fd525170777ef0802c642e5d23ccab07b2 |
| SHA512 | 86a7827189d33a2f52be1ad9ae525b7949c8e0d9dd2748cd9bab6cbe00befa09ba0ae5b3e2086a514c17380f76e2df5e58ace8c5be751e999e9a9d732d43c745 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFBAE1F4693F3B92E1.TMP
| MD5 | 8e344fc33f8954af4294c174e1953b25 |
| SHA1 | 0a129e9d7e79b247edd6d4570ff25e630213f26c |
| SHA256 | d1a3af1c22652a1ce1a6a85ddcbb836273bdaad2ef9799574a93e66d81b9c341 |
| SHA512 | 01b5602249d3882013919863677f5872c5a580ebd429c57a7fcd3f5e973d3d5e22b541fbd8f23e696a2695e8c61b02d9a24e3ae37627537c1272c08bf495168b |
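The dropped-file and memory-dump lists above are easier to triage with a small parser than by eye. The following Python is an added example, not part of the report or of the sandbox that produced it: it reads entries in the report's own layout (a path line followed by `| MD5 | ... |` rows, interleaved with `memory/<pid>-<seq>-<start>-<end>-memory.dmp` lines), validates digest lengths, and lets you test a recorded hash set against candidate content. The sample input is constructed by copying a few entries from this page; the check on the `__PSScriptPolicyTest_*.ps1` entry relies on the fact that its recorded digests are those of the single ASCII character `1`, which is the marker file PowerShell writes to its temp directory at startup to probe script-execution policy, so that entry is host noise rather than an indicator of the sample's behaviour. Function names and the region-size summary are this example's own choices.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample: entries copied from the report above, in its own layout.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ey0a01jh.quz.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/5756-2031-0x000001D3A5600000-0x000001D3A5622000-memory.dmp
memory/5756-2034-0x000001D3A56B0000-0x000001D3A5726000-memory.dmp
C:\Users\Admin\Downloads\ClearDeny.exe
| MD5 | ccc246bff9d9a8a7e30de7d59e6b9e2b |
| SHA1 | 878100999400fa7de780012c118bbcbbffc65af4 |
| SHA256 | 871d7f3982c66986ca5a7c4665622b5c3e5e342536297ec04c806f69a584a3be |
| SHA512 | 233d57e4a634d500cf3fa6c1fa5f22263ae53055324f90fd1eca179590a5092a33f7082b6160e1602cdcc0aae7b402c13631b8eeb07e16dd681f66622cae1a82 |
memory/736-1161-0x0000020820200000-0x0000020820300000-memory.dmp
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ALGOS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1,
         "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_report(text):
    """Return (files, regions): files are {path, hashes}, regions are
    {pid, seq, start, end} decoded from the memory dump file names."""
    files, regions = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_LINE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            regions.append({"pid": int(pid), "seq": int(seq),
                            "start": int(start, 16), "end": int(end, 16)})
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError("hash row before any path line: " + line)
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:  # truncated or mangled digest
                raise ValueError(f"{algo} digest has wrong length for {current['path']}")
            current["hashes"][algo] = digest
            continue
        # Anything else starts a new dropped-file entry (a Windows path).
        current = {"path": line, "hashes": {}}
        files.append(current)
    return files, regions


def region_size(region):
    """Bytes covered by one dumped region (end address is exclusive)."""
    return region["end"] - region["start"]


def summarize_regions(regions):
    """Per-PID count and total bytes of dumped regions."""
    out = defaultdict(lambda: {"count": 0, "bytes": 0})
    for r in regions:
        out[r["pid"]]["count"] += 1
        out[r["pid"]]["bytes"] += region_size(r)
    return dict(out)


def matches_content(entry, content):
    """True when every digest recorded for `entry` equals the digest of
    `content`; an entry with no digests never matches."""
    if not entry["hashes"]:
        return False
    return all(ALGOS[a](content).hexdigest() == d for a, d in entry["hashes"].items())


if __name__ == "__main__":
    files, regions = parse_report(SAMPLE)
    for f in files:
        tag = "PowerShell policy probe" if matches_content(f, b"1") else "review"
        print(f"{tag:24} {f['path']}")
    for pid, s in sorted(summarize_regions(regions).items()):
        print(f"pid {pid}: {s['count']} regions, {s['bytes']:#x} bytes")
```

Running the block flags the `__PSScriptPolicyTest` file as the PowerShell policy probe and leaves `ClearDeny.exe` for review; the region summary shows the two small dumps for PID 5756 against the 1 MiB region dumped from PID 736. Feed it the full listing from this page by replacing `SAMPLE` with the report text.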