Analysis Overview
SHA256
8001dcd5140036db44b520b10b759092f7dcc7ed17346c1d6bd04db8c655f1f2
Threat Level: Likely malicious
The file Clutt-Virus.zip was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Modifies Installed Components in the registry
Disables Task Manager via registry modification
Modifies system executable filetype association
Modifies file permissions
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Opens file in notepad (likely ransom note)
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies File Icons
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 07:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 07:28
Reported
2024-06-18 07:38
Platform
win10-20240404-en
Max time kernel
579s
Max time network
377s
Command Line
Signatures
Disables Task Manager via registry modification
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "%SystemRoot%\\System32\\imageres.dll,-105" | C:\Users\Admin\Desktop\Clutt.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\rescache\_merged\4032412167\4002656488.pri | C:\Windows\explorer.exe | N/A |
| File created | C:\Windows\rescache\_merged\2717123927\1590785016.pri | C:\Windows\explorer.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies File Icons
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons | C:\Users\Admin\Desktop\Clutt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\3 = "%SystemRoot%\\System32\\imageres.dll,-105" | C:\Users\Admin\Desktop\Clutt.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631693763815684" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\dllfile\DefaultIcon\ = "%SystemRoot%\\System32\\imageres.dll,-105" | C:\Users\Admin\Desktop\Clutt.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\IconSize = "48" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133567065728993929" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Sort = 0000000000000000000000000000000002000000f4eec83032a8e241ab32e3c3ca28fd29030000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "%SystemRoot%\\System32\\imageres.dll,-105" | C:\Users\Admin\Desktop\Clutt.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupView = "4294967295" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "%SystemRoot%\\System32\\imageres.dll,-105" | C:\Users\Admin\Desktop\Clutt.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f80cb859f6720028040b29b5540cc05aab60000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:PID = "2" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616209" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "%SystemRoot%\\System32\\imageres.dll,-105" | C:\Users\Admin\Desktop\Clutt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Users\Admin\Desktop\Clutt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DVD\DefaultIcon\ = "%SystemRoot%\\System32\\imageres.dll,-105" | C:\Users\Admin\Desktop\Clutt.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:FMTID = "{30C8EEF4-A832-41E2-AB32-E3C3CA28FD29}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616193" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Clutt-Virus.zip
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.0.890759245\1157667518" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec05b1dc-7cdc-4b00-9d88-988b8687d9d9} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 1828 14c6f1e1b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.1.247825441\89241457" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c015a5ad-0f5d-4b7c-b61d-958033560ed0} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 2184 14c5ce70158 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.2.778475588\225445389" -childID 1 -isForBrowser -prefsHandle 2740 -prefMapHandle 2716 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3377d21-992c-4caa-9933-bda2dbf7dc05} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 2944 14c734c7858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.3.1321056775\42527901" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad6de08f-e60e-4a12-b1c9-6ff2709afe83} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 3500 14c719aa558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.4.326792632\1476470959" -childID 3 -isForBrowser -prefsHandle 4360 -prefMapHandle 4356 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21e73491-62b2-46f4-98ea-b3aae312f1bd} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 4372 14c751dc658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.5.504545096\868209636" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 5024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e5aa72a-d2d8-4576-9e2b-f3a9d674212b} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 5040 14c7216c758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.6.608880347\478826074" -childID 5 -isForBrowser -prefsHandle 4820 -prefMapHandle 4828 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa1e4efb-4b1e-4086-ad6d-2dd9806ab613} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 4848 14c751dde58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.7.437883443\1391842042" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cee5793f-8535-4e27-9aa6-22d52f7eba74} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 5208 14c759c8b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.8.538571616\965105446" -childID 7 -isForBrowser -prefsHandle 5520 -prefMapHandle 5672 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e9ac37c-d5d0-4f4b-9f20-39aeaf85546d} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 5696 14c76f98858 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8ca719758,0x7ff8ca719768,0x7ff8ca719778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4892 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3104 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2984 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3004 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2996 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 --field-trial-handle=1816,i,13721150778046368046,4376005155109959828,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Clutt.exe
"C:\Users\Admin\Desktop\Clutt.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\notice.txt
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\disk.sys && icacls C:\Windows\System32\drivers\disk.sys /grant %username%:F
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\bcdboot.exe && icacls C:\Windows\System32\bcdboot.exe /grant %username%:F
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\hal.dll && icacls C:\Windows\System32\hal.dll /grant %username%:F
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\disk.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\bcdboot.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\hal.dll
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\hal.dll /grant Admin:F
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\disk.sys /grant Admin:F
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\bcdboot.exe /grant Admin:F
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\Explorer.EXE
"C:\Windows\Explorer.EXE"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:49784 | | tcp |
| US | 8.8.8.8:53 | 163.194.232.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:49790 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a9849fd4-ddbf-4ca3-b242-291a30a074e6
| MD5 | 6379327d95509377595fda1ff8e9a87b |
| SHA1 | 332ed9e27d2aba37c01ba043edb76a19db84dd28 |
| SHA256 | 745c754ec575761fdb9bd6de5843645fc254a1e5220fe6fd2e9623648198e1a7 |
| SHA512 | 99e4dc49c7ada22610e426363449602b4437341a0e5ec416eca3e5f95354b26ce4892600075c82bf5a174899f2a7fb99f4fe06eee99359870858071ff7c03bbf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d2eae80c-ed97-4259-86ea-07bb57d7fd88
| MD5 | 71ea8a8bc33591850985154509b48262 |
| SHA1 | 17778fc3a1c9ac58c8a4c405f9e27c4a8dc57de5 |
| SHA256 | 3ebb995ad052831f6f22d404e0a577769e8bf864d225eaa06a56d97f9617aafb |
| SHA512 | 8f9dd3081c706184d2e55a786024c6c0484a9944512a02db95ce3f7b4d0bcd3bccbe16cd5950571aa9fd1d9c0d6f0f942be62e877eb0175c22eddbd283c97301 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 6328cf029fb3f5ed7de1f812172149a1 |
| SHA1 | cfde4eff95ce144125b779c355c35df58a98585d |
| SHA256 | 90f36189361efe1f5b73fefa9b9a1b248afecbfa96b0af2dcd2a3a6eb93bf327 |
| SHA512 | f6b58e51e1ea69da492ddd06b49cae276ef9e540367d87fddcc6fb7c903b1d058b8b24eb2deb9e8e328284a720089cb2dd53fca324e302d7c2af525203c987c2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | e7d901ad03d22078f4c42ecc83c3bd45 |
| SHA1 | 13ffe2ced2026e6b99c39a96d006c7832a72ba17 |
| SHA256 | fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17 |
| SHA512 | 8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 95aa4de244c8807c7ca7d5f1ad711b1d |
| SHA1 | 0cd49d1866bf1ded2141f8da1288c40b5ddd22cb |
| SHA256 | f79500ab20ee405c993990f6e6488f31639ab28938f3b6e61d01cdd2d30e2265 |
| SHA512 | 35cdeafd00a8d778999cbc6d54d0ce753a907852fa7ea7b7f6d3704bf18a6edfe5d058d6128cd5713232d57a73d41f9651522987a97d87d9f1a44ade810d6ba8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 90d93d14e0b6b43ba1ea35e57bc60bf3 |
| SHA1 | 40a1dc4c304c1e0da9434d6dd16c23b7433b5e02 |
| SHA256 | 40cb36628b466cbbeb1072377e3f9a30a6a5be8fa82f19d1fcdb4626f5a65f11 |
| SHA512 | 34ab9f58451d62c0a4ea0645fa27249adfa369849a9df8567f5b15f262cb3ad65fedefea793cb5100f33073a32cabe807dd856390d637ca68632a234d5b823ad |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a0d6787c6b47657f315ede106fced260 |
| SHA1 | 1b97f815debad23cafa43b7fa29946e5f8944ccc |
| SHA256 | 37b2c517958075480a6394418be42c049c5d85f14cb4077e3781d448febd2907 |
| SHA512 | fcd2c12539a3882e5f8b843112ca0b9790a3224418efa2e86e13330c8813c3b6156ee05aaea982289209cb6df10f827074f032cc539509e36bcc9af1cf5cc966 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | c8dc58eff0c029d381a67f5dca34a913 |
| SHA1 | 3576807e793473bcbd3cf7d664b83948e3ec8f2d |
| SHA256 | 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17 |
| SHA512 | b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 02fbd108b4d5bc50e94bb56ad2339224 |
| SHA1 | 8c467eee01d871d2fa2714ba9e89e8b86136c5c4 |
| SHA256 | c9274fcb910949e45c51272aaa20d112365c8b2cf9e13b87bbffd99f7b5914ab |
| SHA512 | 16324ad43e9f218d36f68d19ebd54ba7902c9fc59bd37425386eee5d24a5629026cce35d5004d05e813ad34671b1ea921795a98bb4d3a98e1a40c5625f335499 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
| MD5 | 41f687dfc05ee058e1a8467f7594e613 |
| SHA1 | af8e21caba83ba41c0ff7e572c7103ba42eefd65 |
| SHA256 | 6aeb417a86bed255062bf6a99c92de82f0d8ef26e6d437a7617f6b0861e95817 |
| SHA512 | 1e6bd7494bd6a55b439161ed54bc27bcf5ca25f9807178bcbbdf5e3e321003342a757b113017f01353bd44ce0cd1c888852c1f468d903bfd0ae3645a01d424ca |
\??\pipe\crashpad_1008_MDEYCBVRHPTYDUMQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3f2d98f01fffb61645626ae29469e3ba |
| SHA1 | cb22724276b3188959a9c75072d07d20e691e6b3 |
| SHA256 | 646c04bcb64e148b14593cc46c1f8ed7172805aa7290d1f3da465d6bdd3093a3 |
| SHA512 | 9eec48b664bb9b1e81bacb1ec47a8272c6984eb8d787c908acc8a070d905a8989228f63cf9e027ece1611380a54d40b6ae685b4fc780d24aa0ead006e404f9c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 06e4cf5e2cb3426abd428ee0d7b2d462 |
| SHA1 | 88ff2a0981bc325fddffec6c47540563e93ef591 |
| SHA256 | 1fb6ef40c9dceb871ae7c8e5d601e95c5fd0800920024b2aed69a353b30cd12c |
| SHA512 | 4a4ba93429cb72200ab7eb83c4e1941f57d27fde60b6b6d0ab179e88d8ee968b3c30045449b46d9c0a6a9d49868ad526f3c05bc53da413b9df4f9743eaa99762 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ad960e59d54e16ce3a5221e4d2223d37 |
| SHA1 | 97d98396488e844d813ee88349f1bef8099fcc62 |
| SHA256 | 6f104fa842d5fa613b0a9d5f10cfe83ac2ae7ed463b67e6c7c3ffa29a16dc54a |
| SHA512 | e94294c97e4ed39d5f7a788f4dce1c2224fc65cdb7d9f5a497b71a5df4b0ca8decda3e6ddcc92de880ca6c42ea563da0f87757f861e94fa9db7e4b413c2d9111 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 72c68a6812e997c2e1aa6a735e8d937e |
| SHA1 | c5b0bf453f1b25e38bbff9e989fc456ce13dc397 |
| SHA256 | a31db519940426e2254be69108cbdbe26a109e2255cfb0420abbb4580ba9eaea |
| SHA512 | c5fe6ef3a56e5d5f2c4ccca0aa181b9774ed1dafa3f1119181fa9bb1d553cc557b9c6523a436ad6332b601351fdd054956ca13e53c4b2ca1d8817e0ecf180603 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e5d7f570d88f1c6bd3a64c9757da0e22 |
| SHA1 | a9d193c8f49a799dcfeeafe93d37a64dbba2082c |
| SHA256 | 18213d5b714e57c6ff9954cc6ffbd891cce177a19385f27e5facd5358c99f4a9 |
| SHA512 | 4601f09fed6cc16b27cc75e223b8f9009cebf818398901626b48c5208e356ebc62967ecabb44deaf686da24734ec91e947fa3ab277449d65a8b4952aef089de3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8be2055be6cd0da6381c45728a5a1614 |
| SHA1 | 61bf65e70f29a7068c8da013b0f939740abfa488 |
| SHA256 | b7c9b29d71c086a29799321fdc345867e5047b1c6d61fec40aa6481c21efadb8 |
| SHA512 | a6998bc36be18ad874d6c9118c709a6045e7d0483f2f4689e7260eb587f8232604a3e12e6f33b310ba25835d44bb9116159c52894eae0847973c5d1b484775e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58acc5.TMP
| MD5 | 3c314236222d01970bbe80aaaf0ddf46 |
| SHA1 | 9f1f0a7940c2e1d0ae421d52ae42ac92042a1c1e |
| SHA256 | 23d1fc4db9b465bde34299d9822b98ed3fd9fdccabc07c03515fb623032ff375 |
| SHA512 | 8d9d372dd9137f908b7ac95127afc8ccc9153f3a79636f00d9785459b4b52ee9b106248f5559c5888d5bc55afdeff67a556046667ecca362731b55810b521cd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3fedd56f7f25756b1dc4afa89b665b42 |
| SHA1 | a2489703786f141d7a3830b20026edc4308d23ea |
| SHA256 | 3b3bbd90e02c1b481dab36579515c3f9fa07f86df0c92456a3899a5363c79b0b |
| SHA512 | c3832b450e707303a352538297a506003c92bcfa78b69157ce53799cbc6b9a34eb103b25361a1c4c799db0add9d67ed0ddd109cbbfdd4186ce78a30c3606bea3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c9a781f36d925905221a33675d549482 |
| SHA1 | 1cf40d4fe2030c253730c9bc10e1dbb74686fc96 |
| SHA256 | edeea4ee604f1c713b584f65edcb573077fcfae599a3b08df92385569938a1f5 |
| SHA512 | 6328c9db90c2a2a07a607488bd4aca0f1796697727100c04711e84a347f72f0d3f6dc754e9c87e09cfe31ed33aa863fb83693c66a6b989b151f6bfd469ff54c5 |
C:\Users\Admin\Downloads\Clutt-Virus.zip.crdownload
| MD5 | f8001e4f8c2ee372fd96f00f94caa73e |
| SHA1 | 5ddab0e6855f666d93171eb5c461b72780c3bb56 |
| SHA256 | e03844ef7cd750194d691dd2b473a8cb215d701323653f3cbcfcdf99eeb8aedb |
| SHA512 | 31e35922cc6737b889aba2bce02c989b2b54a55f850a3fb2516b78db6e8375eb907e94b639f8581cfff53a1c3ccd73639e1af32b282a61d1d16f513c81fc9041 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f74e5a985a67817a7d266d6490232336 |
| SHA1 | 40b321568db3e4f9c568ff3905e86a056566cffa |
| SHA256 | f67f9c73e725c71559b2a430c4a7354a639565344761fade4b7bb58df27489ab |
| SHA512 | cd33de9f01973b0d28b439b88c6e4bd0c387a83a7bc1c9e5abbccbdb8baae85e643b5ea56bc59a734b014c830f6ea0eb4931c8bf1b75703c8caa80bd59221a07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f55ead247d74f925427bb163e7198452 |
| SHA1 | f9fd14dc1ed7d336f4c5530ef00a14aa915f3309 |
| SHA256 | c48abfb5d209abf9a9a6f250344a12c5feeba6a9c02d0ea0f0df3250039cf2e7 |
| SHA512 | 490ff12146f38ab6890c36325c49d3e9069ab8d540ec7894dc9cc90a90d001197c1f00c1efd4c9b73a564646ab37feb07ff3dc3f50a4950bb59dc70d2952e4a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dededbcef3cb4c9d00fb74064dbda97f |
| SHA1 | 059d423fd6a373d876cdde756b867323e213bc15 |
| SHA256 | 55635acfafa61a1f3f0ce5036bb0be7e8140a97f31c82ff2baa1d5f5bb34bf2f |
| SHA512 | 5bf1982e56cdfac67afe6b1129a4315c4bf1e58433b3fbca5575f507492f61c12120990c48a010e0631475b9564640551983b4703bfaf07d3385d3f882df893a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9710a3c0b13f3c0e1ff8af15d0439654 |
| SHA1 | f1dee9835dc87f340c530cdf37ba88eb11a98465 |
| SHA256 | 448c252e54c5066000c4a7f9e134650a0b2f1839c31032d92d981bdbcf706baf |
| SHA512 | 421e0b88df9d16a1325fe36eda4e18c152e1261166d0585ab246822d9b3e29083c65cfb35d96a7227d4949207c5eb192037f7dd93b67a24e920740caf97e3e2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0bde47677e58988672a8c758853bf3c2 |
| SHA1 | 28ba5ed569edaf735a713913dc2303d9caa8d1ad |
| SHA256 | b03fe648c1d430faf6b09fc8cef78e5342f83fec8cdf6a06fd4a2315bee68a6e |
| SHA512 | 77959b31f39f8f1dbf7b690b62907dc63ba5c5a1116ff913799e9c5cb07f060decdb06c03f971cd8b3746db44c8faba4f55b0cc550f281b36870e80eb9eada43 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | e0968326b854e3898d007fbd052dd5aa |
| SHA1 | 9268d8f6aed5a8b546fdd01bdd6ca6cc7ec3bd2a |
| SHA256 | 3e8951eb89c0cbe699a0114c2231d9780063bd7e85665c60eb4625b840e95ab2 |
| SHA512 | 9d6e8e430fa5f5daad88141292c004085782f8a8251d961090d5efe442d01be7c8d1007f93502e32b26e4cbebeaa7a15c5f9e0769b54e91712bc285df0f9f164 |
memory/4152-871-0x0000000000D10000-0x0000000000EE4000-memory.dmp
C:\notice.txt
| MD5 | c2d7e35bd00150e2d3d28888df5d10fb |
| SHA1 | f7fdbcc3d6cd02097a037ff163f03f44a8a839b1 |
| SHA256 | 494ba1d8f3532b2e68857b7f9b603addaeb3f506f36eeb1fd0cdfb506523c87f |
| SHA512 | f5cbd03ad348c94b55eabb11e1bd6fcc09646be103ea96ae190d5fadcf253c6a41894912ebc91bfaf6759df87ed44e9c653305de2b973ebc1d844591107352d0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 8dc6c44117ae6f2f36a79dee5aef4956 |
| SHA1 | 52a866263796a85aea3b915dd5bf572608d8ed77 |
| SHA256 | 13b729e79e09e387ea2b64a07f66f145afd31d37a4f5a4a94b9c2e3a310afc0b |