Malware Analysis Report

2024-10-19 08:19

Sample ID 240613-wa41jsxdmh
Target .
SHA256 ead2648f0c356193d5440f4835cc638c8c37f563448d8c731b6291baa2fd08d2
score
4/10

Analysis Overview

SHA256

ead2648f0c356193d5440f4835cc638c8c37f563448d8c731b6291baa2fd08d2

Threat Level: Likely benign

The file . was found to be: Likely benign.

Malicious Activity Summary

Drops file in Windows directory

Suspicious behavior: MapViewOfSection

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Modifies data under HKEY_USERS

Uses Task Scheduler COM API

Checks processor information in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Analysis: static1

Detonation Overview

Reported

2024-06-13 17:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 17:44

Reported

2024-06-13 18:17

Platform

win10-20240611-en

Max time kernel

546s

Max time network

526s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\netrasa.PNF \??\c:\windows\system32\svchost.exe N/A
File created C:\Windows\rescache\_merged\3060194815\1209253612.pri C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\INF\netsstpa.PNF \??\c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\642584412\1068689436.pri C:\Windows\system32\SystemSettingsAdminFlows.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 C:\Windows\system32\svchost.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627744388751260" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 950564cfbabdda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b32915cababdda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3acbb5c9babdda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = be6f74dfbabdda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = aeccded0babdda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\support.microsoft.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 37911fd1babdda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\AskToCloseAllTabs = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b817e3c9babdda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\msdt.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3756 wrote to memory of 4112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 4112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
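Both tables above (AdjustPrivilegeToken and WriteProcessMemory) attribute every event to chrome.exe, and in the WriteProcessMemory table the source and target images are the same binary, which is the pattern a sandboxed browser's broker produces while it sets up its child processes. The privileges involved, SeShutdownPrivilege and SeCreatePagefilePrivilege, are not the ones that give a process debugging, driver-loading or token-stealing capability. The Python below is an added example, not code from this report or from the sandbox's own tooling: it parses rows in the report's row format and separates that routine pattern from the two things a responder would actually chase, a high-risk privilege being adjusted and a write into a process running a different image. The row lists embed a few rows copied from the tables above plus two rows marked CONSTRUCTED that do not occur in this report; the high-risk privilege set, the `\??\` prefix handling and the verdict strings are this example's own assumptions, not the sandbox's scoring.

```python
import re
from collections import Counter

# Added example, not the report's or the sandbox vendor's code.
# Row format is the one used by the tables above:
#   "Token: <privilege> N/A <process image> N/A"
#   "PID <src> wrote to memory of <dst> N/A <src image> <dst image>"
NT_PREFIX = "\\??\\"  # NT-style prefix seen on some image paths in the report
TOKEN_RE = re.compile(r"^Token: (\S+) N/A (.+?) N/A$")
WPM_RE = re.compile(
    r"^PID (\d+) wrote to memory of (\d+) N/A "
    r"((?:\\\?\?\\)?[A-Za-z]:\\.+?) ((?:\\\?\?\\)?[A-Za-z]:\\.+)$"
)

# Assumption: a triage denylist of privileges that matter when an unexpected
# process enables them (debugging, driver loading, token theft, backup reads).
# SeShutdownPrivilege and SeCreatePagefilePrivilege are deliberately absent.
HIGH_RISK_PRIVILEGES = {
    "SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege",
    "SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege",
}

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# The first rows are copied from the tables above; rows marked CONSTRUCTED are
# made up for contrast and do not occur in this report.
TOKEN_ROWS = [
    f"Token: SeShutdownPrivilege N/A {CHROME} N/A",
    f"Token: SeCreatePagefilePrivilege N/A {CHROME} N/A",
    f"Token: SeShutdownPrivilege N/A {CHROME} N/A",
    r"Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A",  # CONSTRUCTED
]
WPM_ROWS = [
    f"PID 3756 wrote to memory of 4112 N/A {CHROME} {CHROME}",
    f"PID 3756 wrote to memory of 1612 N/A {CHROME} {CHROME}",
    f"PID 3756 wrote to memory of 1612 N/A {CHROME} {CHROME}",
    r"PID 4444 wrote to memory of 5555 N/A C:\Users\Admin\AppData\Local\Temp\sample.exe C:\Windows\explorer.exe",  # CONSTRUCTED
]


def norm_image(path):
    """Drop the NT '\\??\\' prefix and lower-case so the report's two spellings compare equal."""
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    return path.lower()


def privilege_counts(rows):
    """Count (image, privilege) pairs; rows that do not match the format are skipped."""
    counts = Counter()
    for row in rows:
        m = TOKEN_RE.match(row)
        if m:
            counts[(m.group(2), m.group(1))] += 1
    return counts


def high_risk_privileges(rows):
    """Map each image to the sorted list of high-risk privileges it adjusted."""
    out = {}
    for image, priv in privilege_counts(rows):
        if priv in HIGH_RISK_PRIVILEGES:
            out.setdefault(image, []).append(priv)
    return {image: sorted(privs) for image, privs in out.items()}


def write_pairs(rows):
    """Aggregate writes per (src_pid, dst_pid) and attach a same-image verdict."""
    agg = {}
    for row in rows:
        m = WPM_RE.match(row)
        if not m:
            continue
        src_pid, dst_pid, src_img, dst_img = m.groups()
        entry = agg.setdefault((int(src_pid), int(dst_pid)),
                               {"writes": 0, "src": src_img, "dst": dst_img})
        entry["writes"] += 1
    for entry in agg.values():
        same = norm_image(entry["src"]) == norm_image(entry["dst"])
        entry["same_image"] = same
        entry["verdict"] = ("same-image child setup" if same
                            else "cross-image write: review for injection")
    return agg


def triage(token_rows, wpm_rows):
    """Return only the findings a responder should look at first."""
    findings = []
    for image, privs in high_risk_privileges(token_rows).items():
        findings.append(f"{image} adjusted {', '.join(privs)}")
    for (src, dst), e in write_pairs(wpm_rows).items():
        if not e["same_image"]:
            findings.append(f"PID {src} ({e['src']}) wrote {e['writes']}x into "
                            f"PID {dst} ({e['dst']})")
    return findings


if __name__ == "__main__":
    for line in triage(TOKEN_ROWS, WPM_ROWS):
        print(line)
```

Run against the report's own rows, every chrome.exe write collapses to "same-image child setup" and no high-risk privilege appears, so the only findings come from the CONSTRUCTED rows; that outcome is consistent with the report's "Likely benign" rating. The case-insensitive, prefix-stripping comparison matters because the report itself lists the same binary as both `C:\Windows\system32\svchost.exe` and `\??\c:\windows\system32\svchost.exe`.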

Uses Task Scheduler COM API

Tags: persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9cbef9758,0x7ff9cbef9768,0x7ff9cbef9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4660 --field-trial-handle=1724,i,11776317366430580959,16839017688438172738,131072 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService

C:\Windows\system32\dashost.exe

dashost.exe {88315eae-b485-40d0-8e196543477392ea}

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"

C:\Windows\System32\SystemSettingsBroker.exe

C:\Windows\System32\SystemSettingsBroker.exe -Embedding

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservice -s SstpSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s RasMan

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation

C:\Windows\system32\Clipup.exe

C:\Windows\system32\Clipup.exe -d

C:\Windows\system32\Clipup.exe

C:\Windows\system32\Clipup.exe -d -ppl C:\Users\Admin\AppData\Local\Temp\tem7C62.tmp

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\msdt.exe

"C:\Windows\system32\msdt.exe" -ep SystemSettings_Troubleshoot_L2 -skip TRUE -id BlueScreenDiagnostic

C:\Windows\System32\sdiagnhost.exe

C:\Windows\System32\sdiagnhost.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell wininit

C:\Windows\system32\wininit.exe

"C:\Windows\system32\wininit.exe"

Network


Files


memory/3792-1004-0x0000027859310000-0x0000027859320000-memory.dmp

memory/5108-1006-0x0000029782B30000-0x0000029782B40000-memory.dmp

memory/5108-1005-0x0000029782B30000-0x0000029782B40000-memory.dmp

memory/3792-1003-0x0000027859310000-0x0000027859320000-memory.dmp

memory/5064-1009-0x000002BCAF820000-0x000002BCAF830000-memory.dmp

memory/5064-1026-0x000002BCAF930000-0x000002BCAF940000-memory.dmp

memory/5064-1044-0x000002BCB3A20000-0x000002BCB3A22000-memory.dmp

memory/736-1161-0x0000020820200000-0x0000020820300000-memory.dmp

memory/736-1187-0x0000020820D30000-0x0000020820D32000-memory.dmp

memory/736-1189-0x0000020820D50000-0x0000020820D52000-memory.dmp

memory/736-1184-0x0000020820D10000-0x0000020820D12000-memory.dmp

memory/736-1195-0x0000020820DF0000-0x0000020820DF2000-memory.dmp

memory/736-1193-0x0000020820D90000-0x0000020820D92000-memory.dmp

memory/736-1182-0x0000020820CF0000-0x0000020820CF2000-memory.dmp

memory/736-1191-0x0000020820D70000-0x0000020820D72000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\169AKQGP\support.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/736-1279-0x00000208237F0000-0x0000020823810000-memory.dmp

memory/736-1289-0x0000020823B90000-0x0000020823C90000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ARV64HHX\favicon-32x32[1].png

MD5 fb2ed9313c602f40b7a2762acc15ff89
SHA1 8a390d07a8401d40cbc1a16d873911fa4cb463f5
SHA256 b241d02fab4b17291af37993eb249f9303eb5897610abafac4c9f6aa6a878369
SHA512 9cbcf5c7b8409494f6d543434ecaff42de8a2d0632a17931062d7d1cc130d43e61162eedb0965b545e65e0687ded4d4b51e29631568af34b157a7d02a3852508

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\119NURWM\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Windows\Temp\SDIAG_7b816465-765b-4685-b1e2-1f2c5ec40abf\en-US\DiagPackage.dll.mui

MD5 385405aab1d7a28dea9fe58d0bdd96f9
SHA1 a7c07aa34e61eaad40608397185a0ec708078616
SHA256 c51f3159af353fc059e4fb3056e6768620c7c6a8872ff815acf5287915cc2ddf
SHA512 03b3cf5409afc1eaf2ce5468377af2d741429247775209181a0d7cfd77baa062f50efe57f10994f70151561b5ad522d7b67cd06084fdd1a4e87a26e89792be40

C:\Windows\Temp\SDIAG_7b816465-765b-4685-b1e2-1f2c5ec40abf\DiagPackage.dll

MD5 9f0e103c30e13c425d42f1c462676f8d
SHA1 d680d2594a62fa7a41a871f16ac07f202edb0919
SHA256 3516504cc5daa5885e5df7ee664d7cc4c59260ecaf9febfa8bc006608f8b92a5
SHA512 35b61c15b5c66bf358723a528d394eb050b59f95dfa5ea0de7dc1f4fac2219fddf6222d5f2aba6b3566b9a6be4e2b7f12e6a671f87c3bf5044997a514c747764

memory/5756-2031-0x000001D3A5600000-0x000001D3A5622000-memory.dmp

memory/5756-2034-0x000001D3A56B0000-0x000001D3A5726000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ey0a01jh.quz.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1468091789\2024061317.000\BlueScreenDiagnostic.debugreport.xml

MD5 82aac5f07db78adc7182f5346430e986
SHA1 1360c223cfe19ee4620a3ce79c04bb28a529e7b3
SHA256 c22f7070d46fa532b38aec7bd09d622331bcef1416eab966fca392efca6fecc2
SHA512 8207f1dbed12e9f2b87780db8eed8bfd53cad2c01682b0d6f96a7ed4aeb413e42a43cbc6346acb66627628e8a831708156716029202b8785250a9adbe1451e1a

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1468091789\2024061317.000\results.xsl

MD5 310e1da2344ba6ca96666fb639840ea9
SHA1 e8694edf9ee68782aa1de05470b884cc1a0e1ded
SHA256 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
SHA512 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

C:\Windows\Temp\SDIAG_7b816465-765b-4685-b1e2-1f2c5ec40abf\result\ResultReport.xml

MD5 b0dd18fbcb3285a41dce6eded8cfa019
SHA1 37e4fa5291d8efc9eb72df31d65665b91876aa1f
SHA256 7b2d87e5a3058472e9580b4206b2cf298f25967b2d66f264d322b3894df67663
SHA512 302472ad901f73b0b069d94e747eb7f518508ee3524185c6e9e08f515e71b30a1ea5bf4315e00e745c2f2cba662b2f16f199fe42e5d9a7742ad2697f5bee8f39

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1468091789\2024061317.000\ResultReport.xml

MD5 736a696140938191cc0ddfb1342a32e0
SHA1 bc7d3bd9207429d5bfbba13f6dcb9ab53f4ae9c7
SHA256 41498c759b0a9d0b7cdaefd49ad9b77a35d1ecf98518dac9140a8e39a3e9defe
SHA512 4ac64d84d1c000a07b413e018d9179e0ab7fe1ac1bfee0a90eec68f643cd8ba231947d61b0e78bc7ba0ba82d6b3ed00b605acb2c5a259429c21a9c8b8fa82aaa

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1468091789\2024061317.000\results.xml

MD5 47adc36081834dabb4d2e7846b78698d
SHA1 25fa60b1abf6fcc0990c1ba3a8d4a7bde264c81c
SHA256 cfb5585e07be0ad41c89ce8b720e5e77c3c76b09c34d7ace1e48962dc2dae85d
SHA512 564e04999906c2eff708e8da49485dbd5ffb9ce813452c6d704aef22189ce0e6368c096783777e2d57fc08c874e8b09d9560bdba6e3f610bf46a2b688e78f97c

C:\Users\Admin\AppData\Local\Temp\PLA2BB8.tmp

MD5 95e575e3163deb11135f7577a2a3f2e8
SHA1 27a99db312f71fc55a4960a915e9792426521fdb
SHA256 e81a064e44cf3982f804e48b10c969fd525170777ef0802c642e5d23ccab07b2
SHA512 86a7827189d33a2f52be1ad9ae525b7949c8e0d9dd2748cd9bab6cbe00befa09ba0ae5b3e2086a514c17380f76e2df5e58ace8c5be751e999e9a9d732d43c745

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFBAE1F4693F3B92E1.TMP

MD5 8e344fc33f8954af4294c174e1953b25
SHA1 0a129e9d7e79b247edd6d4570ff25e630213f26c
SHA256 d1a3af1c22652a1ce1a6a85ddcbb836273bdaad2ef9799574a93e66d81b9c341
SHA512 01b5602249d3882013919863677f5872c5a580ebd429c57a7fcd3f5e973d3d5e22b541fbd8f23e696a2695e8c61b02d9a24e3ae37627537c1272c08bf495168b
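A worked example of consuming this "Files" listing, added here as editorial illustration (it is not part of the sandbox report or of the sandbox vendor's tooling): the script parses the flat path / MD5 / SHA1 / SHA256 / SHA512 blocks and the `memory/<pid>-<n>-<start>-<end>-memory.dmp` lines into records, validates digest lengths, and then applies two triage checks a practitioner would run on such a list. The first recomputes the four digests of the single byte `1`, which is the content PowerShell writes to its `__PSScriptPolicyTest_*.ps1` execution-policy probe file, and confirms that the entry above carries exactly those hashes, so it can be discounted as sandbox noise. The second flags writes under `C:\Windows\`. The embedded sample copies two entries and one dump line from the listing above; the bucket names and the `triage` heuristic itself are the example's own assumptions.

```python
import hashlib
import re

# Constructed sample: two file entries and one memory-dump line copied from
# the report's Files listing. Nothing else from the report is embedded.
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ey0a01jh.quz.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/5756-2031-0x000001D3A5600000-0x000001D3A5622000-memory.dmp

C:\Windows\INF\netrasa.PNF

MD5 80648b43d233468718d717d10187b68d
SHA1 a1736e8f0e408ce705722ce097d1adb24ebffc45
SHA256 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380
SHA512 eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9
"""

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEMDUMP_LINE = re.compile(
    r"^memory/(\d+)-(\d+)-(0x[0-9A-Fa-f]+)-(0x[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_file_listing(text):
    """Parse the report's flat listing into (files, dumps).

    files: list of dicts with 'path' plus md5/sha1/sha256/sha512 (lower-case hex).
    dumps: list of (pid, index, start_addr, end_addr) tuples for memory dumps.
    A digest of the wrong length for its algorithm raises ValueError.
    """
    files, dumps = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEMDUMP_LINE.match(line)
        if m:
            pid, idx, start, end = m.groups()
            dumps.append((int(pid), int(idx), int(start, 16), int(end, 16)))
            current = None
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            algo, digest = m.group(1).lower(), m.group(2).lower()
            if len(digest) != HASH_LENGTHS[algo]:
                raise ValueError(f"{current['path']}: bad {algo} length {len(digest)}")
            current[algo] = digest
            continue
        # Any other non-blank line starts a new file entry.
        current = {"path": line}
        files.append(current)
    return files, dumps


def hashes_of(data):
    """The four digests the report carries, computed over data."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_LENGTHS}


def matches_content(record, data):
    """True when every digest present on the record equals the digest of data."""
    expected = hashes_of(data)
    return all(record[a] == expected[a] for a in HASH_LENGTHS if a in record)


def triage(files):
    """Example heuristic (assumption, not the sandbox's own logic):
    separate PowerShell's execution-policy probe file from writes under C:\\Windows\\."""
    buckets = {"powershell_probe": [], "windows_dir": []}
    for rec in files:
        name = rec["path"].rsplit("\\", 1)[-1]
        # PowerShell writes a file containing the single byte "1" to test
        # whether script execution is permitted; its hashes are therefore fixed.
        if name.startswith("__PSScriptPolicyTest_") and matches_content(rec, b"1"):
            buckets["powershell_probe"].append(rec["path"])
        elif rec["path"].lower().startswith("c:\\windows\\"):
            buckets["windows_dir"].append(rec["path"])
    return buckets


if __name__ == "__main__":
    parsed_files, parsed_dumps = parse_file_listing(SAMPLE_LISTING)
    print(triage(parsed_files))
    for pid, idx, start, end in parsed_dumps:
        print(f"pid {pid} dump {idx}: {end - start:#x} bytes at {start:#x}")
```

Running the script on the full Files section rather than the embedded sample only requires passing the section text to `parse_file_listing`; entries whose digests do not match a known-content probe, and every path outside the user profile, are the ones worth opening in the sandbox's file viewer.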