Analysis Overview
Threat Level: Likely malicious
The file https://cdn.discordapp.com/attachments/1266527198097969235/1271053198957744181/fun_stuff_to_do_on_emulator.ZIP?ex=66b5f009&is=66b49e89&hm=0313e92f2572f0001e395a47da4a8f163d281139594710d070d1cdaa973b998f& was found to be: Likely malicious.
Malicious Activity Summary
Boot or Logon Autostart Execution: Active Setup
Possible privilege escalation attempt
Downloads MZ/PE file
Event Triggered Execution: AppInit DLLs
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Checks installed software on the system
Drops file in System32 directory
Drops file in Windows directory
Program crash
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-08 18:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-08 18:18
Reported
2024-08-08 18:24
Platform
win10v2004-20240802-en
Max time kernel
257s
Max time network
330s
Command Line
Signatures
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: AppInit DLLs
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\fun stuff\Bonzify.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\SET1762.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\SysWOW64\SET1762.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET136D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\SET137F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\executables.bin | C:\Users\Admin\Desktop\fun stuff\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\INF\SET136D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET137E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET175E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET132D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET136C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET132D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\intl\SET1380.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1327.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET132C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET175F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SET1761.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET132B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1381.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET175D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1329.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET132C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET1761.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET132A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET137E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1329.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1328.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\help\SET137F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET1380.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1327.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\SET1760.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET175D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\help\SET175F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\fonts\SET1760.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Desktop\fun stuff\Bonzify.exe | N/A |
| File created | C:\Windows\msagent\SET1328.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET132A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET132B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET136C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1381.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET175E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Browser Information Discovery
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\fun stuff\MEMZ.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\fun stuff\MEMZ.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\grpconv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\grpconv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\fun stuff\Bonzify.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\ = "Microsoft Agent Control 1.5" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.acf\ = "Agent.Character.2" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FileType\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F}\0 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD301-5C6E-11D1-9EC1-00C04FD7081F}\ = "Microsoft Agent Flat File Provider 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ = "IAgentExt" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\MiscStatus\1\ = "132497" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\CLSID\ = "{D45FD301-5C6E-11D1-9EC1-00C04FD7081F}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\ = "Microsoft Agent Server 2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\HELPDIR\ = "C:\\Windows\\msagent\\" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ = "IAgentCommandsEx" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F}\ = "Microsoft Agent File Provider 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4BAC124B-78C8-11D1-B9A8-00C04FD97575}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server.2\ = "Microsoft Agent Server 2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0FA9F4D5-A173-11D1-AA62-00C04FA34D72}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server\CurVer\ = "Agent.Server.2" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCharacter" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31D-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32\ = "C:\\Windows\\msagent\\AgentMPx.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\FLAGS\ = "0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentUserInput" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FF-5C6E-11D1-9EC1-00C04FD7081F}\ = "Microsoft Agent DocFile Provider 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.aca\ = "Agent.Character.2" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FileType\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A7B93C92-7B81-11D0-AC5F-00C04FD97575}\ = "Microsoft Agent Server 1.5" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\ = "IAgentCtlCommandsEx" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE3-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\ToolboxBitmap32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 551644.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 379145.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\fun stuff\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1266527198097969235/1271053198957744181/fun_stuff_to_do_on_emulator.ZIP?ex=66b5f009&is=66b49e89&hm=0313e92f2572f0001e395a47da4a8f163d281139594710d070d1cdaa973b998f&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85f5346f8,0x7ff85f534708,0x7ff85f534718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3246525895886473049,10272461278103961488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap13357:112:7zEvent13457
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Dfmaaa/MEMZ-virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff85f5346f8,0x7ff85f534708,0x7ff85f534718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3656 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,495599570514087946,7879474013552320689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2948 /prefetch:8
C:\Users\Admin\Desktop\fun stuff\Bonzify.exe
"C:\Users\Admin\Desktop\fun stuff\Bonzify.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im AgentSvr.exe
C:\Windows\SysWOW64\takeown.exe
takeown /r /d y /f C:\Windows\MsAgent
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x34c 0x4a0
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\fun stuff\MEMZ.exe
"C:\Users\Admin\Desktop\fun stuff\MEMZ.exe"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Users\Admin\Desktop\fun stuff\MEMZ.exe
"C:\Users\Admin\Desktop\fun stuff\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\fun stuff\MEMZ.exe
"C:\Users\Admin\Desktop\fun stuff\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\fun stuff\MEMZ.exe
"C:\Users\Admin\Desktop\fun stuff\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\fun stuff\MEMZ.exe
"C:\Users\Admin\Desktop\fun stuff\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\fun stuff\MEMZ.exe
"C:\Users\Admin\Desktop\fun stuff\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\fun stuff\MEMZ.exe
"C:\Users\Admin\Desktop\fun stuff\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\WinSxS\x86_microsoft-windows-ie-iechooser_31bf3856ad364e35_11.0.19041.746_none_b60bd945ca2276e4\IEChooser.exe
"C:\Windows\WinSxS\x86_microsoft-windows-ie-iechooser_31bf3856ad364e35_11.0.19041.746_none_b60bd945ca2276e4\IEChooser.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 180 -ip 180
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 180 -s 624
C:\Windows\WinSxS\amd64_microsoft.workflow.compiler_31bf3856ad364e35_4.0.15805.0_none_eb7ee992c51a9917\Microsoft.Workflow.Compiler.exe
"C:\Windows\WinSxS\amd64_microsoft.workflow.compiler_31bf3856ad364e35_4.0.15805.0_none_eb7ee992c51a9917\Microsoft.Workflow.Compiler.exe"
C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\memtest.exe
"C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\memtest.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 2588 -ip 2588
C:\Windows\WinSxS\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.19041.1_none_c12e5c6c2037e719\imjpuexc.exe
"C:\Windows\WinSxS\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.19041.1_none_c12e5c6c2037e719\imjpuexc.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 1020
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 23.206.78.251:443 | cxcs.microsoft.net | tcp |
| GB | 184.28.176.56:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 251.78.206.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 184.28.176.32:443 | www.bing.com | tcp |
| GB | 184.28.176.32:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 32.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| GB | 184.28.176.57:443 | th.bing.com | tcp |
| GB | 184.28.176.57:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 10.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 184.28.176.10:443 | th.bing.com | udp |
| GB | 184.28.176.10:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.20:443 | login.microsoftonline.com | tcp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 40.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_2432_TPIKVDSYBTSMXRQL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 15544b00aa03fe1a4315af3fe51f63f4 |
| SHA1 | 0c3de92b01f8ea00a4b1cb87d2f32c6fa7037834 |
| SHA256 | c3502bb3e15d03b4f63a4aae51a2ff03fd4dbf06948a26f5c7053a0cdcbeec0b |
| SHA512 | 9150a9566983f88c0939495635c9d511549a49639727a32ba0ad4b58045ab19efbbff5f89d120529816ba48773e73cd08ff660d01449c7209a621ccb7e706232 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\fun stuff to do on emulator.ZIP
| MD5 | 13b79874acdc6cfa215f1a238efc8c0b |
| SHA1 | acd5a6051fe237edb99f17cd2b166f5ce0bb8235 |
| SHA256 | 3ac801c785aaab67c73947d2a20bc555a4d7646278de99621f138965e398cf24 |
| SHA512 | 1ace1ea8e72cae17976e776b04f340ec1a25b5da2a74640f81865b77b67b68a781aa3c3db830e4b4c82e66364ca2068227f36de6fc90d749b3b5fba085f50692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 343f91352ea9202d8f4d24e9c77b0fad |
| SHA1 | 16886d85284058668e6a5fdf11699c3ae75d3ebf |
| SHA256 | b3ba5350b9ade5ed3d6f19e45bfab7891cd595a7513e61ce313c36c268c13b58 |
| SHA512 | 152bc9262031e40ac5196704c598089a281389848bc2aab202ff617b83bf14b18595bd746054962cd3ba537354a817eda42537936fef8531f17b3febbe189bb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f6aa1bc2fcc78b21aaa8170c672cf764 |
| SHA1 | 5287c38d5ced4695000273bb5ad88d724f0e7420 |
| SHA256 | 54809a7649a8b7018b347426f14ea9a301b9704bb50a84f7e50a8890b3d53868 |
| SHA512 | b2a651440ec354d4f94d1192b6d2625a91b56dc6e099c4b18729f06dc4f795bc42445658eed3832957b49b3caaad35e81f359a6e62f00107b762b4c7a92234db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc847a66775f416983ea5dd0d128f298 |
| SHA1 | cc28a72522c266a6878736bcf406d20689ac4fa2 |
| SHA256 | a4a70c8ab97857563ad1e0464b333365192d17bc8477e54a5139b9e0f71343d6 |
| SHA512 | 1b9c91186bec08c83fca19bab671d82c3c825ab88c7a758f47e174b02741492f20c984c61dbb77ebaabe82bbf08bb40593389bec1fec7afe8af2475e1d0b5be2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 75143b9d4d5b2ca762c0397c413a87ca |
| SHA1 | 9e74298e0eb413b1c6ec470a0c1da46841b3abca |
| SHA256 | f662af2e26de82a14189d30779fbdc0f6e7e77ff2270640518b77c0875abccfb |
| SHA512 | ec3137da4397f1c3eef837985ea6a95aa4a4b812c925611e6fd2b5103844438a143339ed250bbfdd179b75f0c9093ffbd7fdebf328bee87dc5b5bed71e318c39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 094ab275342c45551894b7940ae9ad0d |
| SHA1 | 2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e |
| SHA256 | ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3 |
| SHA512 | 19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | 1c9ac8dfa4d83c08e6c2e2f3947d2871 |
| SHA1 | a67f0f32b333ada221023d96288421533e3f3e88 |
| SHA256 | 714746b7221935ed1ee48fcb28783a1edac9aef228a1ad513a352716cbbec75a |
| SHA512 | 38a00b8e9c54a9e45b30dda12aa710361590a438b3402cac142c8a3a16a58f449090a2049c278e2e85efe6443d98007cd25e115614ae1c51f54e3b9613dddbe6 |
C:\Users\Admin\Desktop\BackupSelect.xlsx
| MD5 | a1130dddf795d0bcaf814b273d1bc1b8 |
| SHA1 | fa857fa87e0b20df940d895e6fe2cdda4dab6242 |
| SHA256 | a5319de575d4bd6f6a828bb173873fdf47467dd33150f8af5fe22685d1b4be3c |
| SHA512 | 1657ba81ab7d256e83334a6e63b8988ce607a4cc57f6f4a6c219c358d529392896ca19ed0e379bd15bd5f69f86cebe222a8ba468f7df6e2e94343d9a73ee26fc |
C:\Users\Admin\Desktop\WriteOpen.xlsx
| MD5 | 119c285bc1b74b75cac4e36a0d4eaf56 |
| SHA1 | 91f97efb59d8442efdd5985d91da5cff14938cd8 |
| SHA256 | e721962e1919824a38061a85fec8fcb5bd3b6d9cbb5e2b2810eb880074488bc3 |
| SHA512 | 26d102562fc3368aa3ce07c71071978d0fea008f08cf8f7e99e28dfd02d7b6dbc8ab93f723bde9288d48a5c7c912ded1fc18fb7fdcbdc1e31e8e493ba2ad0e1b |
C:\Users\Admin\Desktop\AddPublish.avi
| MD5 | 64d598584c2246abe907a577c86ba63c |
| SHA1 | cdf23b5b2d49fee51f4b3e7fe99089848c71c03d |
| SHA256 | 753a46e911b0873841a8b4c14330a957937dcf7ba5e51e565380a390f6c1361e |
| SHA512 | a29c1704d76be3c0e94f7cf8149d7dde45cd0e9185ee7cd256be512fd1580a97231add9a6b08f58101c90f0b0aa8ad527da124dbeefb2472c391a6af36ff2fbe |
C:\Users\Admin\Desktop\ApproveDismount.ocx
| MD5 | 048793c45a5f9c06f39f93133e2b9a9d |
| SHA1 | e6b24bf4ad8bb82593692f66b432a0d2801db75f |
| SHA256 | f3b4fc915a647888d258dc801020168611daf757f3f7f2950e91b1dd70fc33c8 |
| SHA512 | d6d6b5df7ad2200921904c18b2f8d7ace885134e603c946decd25c5bb5db095d3f63c34f918431de6a5d28c3e75a00ad82a451d40503b86ff67c72fd1e02076d |
C:\Users\Admin\Desktop\ClearExpand.sys
| MD5 | f69e179c222d7c13cab11e5368998bdb |
| SHA1 | 371bc439d84e0c4cd45d6f26980941645eb50762 |
| SHA256 | 92dbdf44f1760ce7728c5de0cace87cf3ff6e332133d62d947b856d123ce5fce |
| SHA512 | 7068dadc7129bd8dbd223e642e2a6ec09cc0d07adcf5da40fad276291a351363185df743673569fb005f555aa108ed62e763fad339ade2cee75b02b9954f66be |
C:\Users\Admin\Desktop\DismountExpand.shtml
| MD5 | 161ff7f17a7029c4f717c4059b9820be |
| SHA1 | d74aa62494dbc1d3d9d794b5a67a2f4135ec160b |
| SHA256 | 87714213ab6a80924498ef7732937cedbb3660bfe7c11fb792bd38c225f45488 |
| SHA512 | a43e786de8b4946acb359059a4e391c4b569a342a0c480dbf30ba48edafea72e0c3124223283cfb7516fb99ffdcc34a609021e0e6f630588909f2e864e94a8c8 |
C:\Users\Admin\Desktop\FindGrant.xml
| MD5 | f6c01add1ce64af24120b6017c592a34 |
| SHA1 | 530543fb258f6cda7b9bd481e204b71e1916d4b6 |
| SHA256 | 1522a8cee40e0c9b9012269f72fbf902d83adfe9fb693345692f2b2221dbc69e |
| SHA512 | 1ad22d55ea903ecc528bdae3d4b92cdd4aef4ee4664f5b09a307a551f6adc7ad970727ae1b75b60b6fda2b22476414c80b0368c6ba5506429631bdf5ade3d0b7 |
C:\Users\Admin\Desktop\FindWait.cfg
| MD5 | a514b77177b67a093e49f12671cdee80 |
| SHA1 | e00464e681232e34fcefeda8dd4bc9d8fdc5fa1e |
| SHA256 | 2b164715d8736632e4cc9bcc5214f0a46f4567d343ade164548ad3f7d01bf49d |
| SHA512 | 1d82ccee837e0aabe88416b52e0e3924c6664b83f478856252c44b060607abae2841379f57f8d5786bd58f2a62f805613cf697661ac91043612b903943cc1814 |
C:\Users\Admin\Desktop\ImportWatch.mpp
| MD5 | 908966270f75fe5d55f665b94429d149 |
| SHA1 | 0d0f02d31629fbc84836c0495ef16900af209670 |
| SHA256 | 005c5475b4fb82c97de4ddb321401834ab1d5b3620b0207dd3b0d2a699f3a494 |
| SHA512 | f953eeacc41dddf3abac05b9ef0a65671477a6c4afa8021698e5ceb1dafdbec90b8dafdbb4b8a7ef12494a43747f297d045a6ae1e288ef29333c7f4cce1663f5 |
C:\Users\Admin\Desktop\ProtectUnblock.ram
| MD5 | ee849b638aca1e4c6043ba9e700186f8 |
| SHA1 | 62bf8e239a55d6b34be090f3b34554416757ef1d |
| SHA256 | 17dfe2047575f963c41a39b69e3e1d87c38b8c4d0aabb26b73caf3e24880fd3d |
| SHA512 | 3d3bc634cd05cb47996e7abf1ff0e0477426496b3945fe71409da4d8ded005748af05b0aed88cc02c43a05d2cbb0cb36c0107a773d6480ae56ccef2af7fe68f3 |
C:\Users\Admin\Desktop\ReadInitialize.mp3
| MD5 | 7057c4759ba6418a8dd88df91818289a |
| SHA1 | 0491b8471ab0975507b24a66bccf2ca82298d41d |
| SHA256 | 36206a4ebfff973d9006f27d967d64bdb842894e5a2dec182420c56f1df3c081 |
| SHA512 | 55cbf237ddd88bdd11e23b02844667e59e60b750b82d7c3cc6c499e757c4d95cb03c9f70b70b546efe4e73fec6156e13a404d0482c81049317bab0aeb307ccd9 |
C:\Users\Admin\Desktop\JoinUnprotect.kix
| MD5 | 41e8983438a77d279f47c7ea24bc13ae |
| SHA1 | 867995b400f024c327575007667aa3927498a3c4 |
| SHA256 | ad25743f065e3d1993a4300359fc0564068a0024444e1a18c04979b084320822 |
| SHA512 | 2aaddad3f11bc13920b82a313483ab7803be8711188eb4852e1038598297c5f82e39dc549d6c3c0f235b49ec8c8d2240a0eb883ecbf762c0ae026a10dfe70c52 |
C:\Users\Admin\Desktop\JoinSubmit.mp3
| MD5 | 0b63724fbf69cfd4fd61448ed42e0d88 |
| SHA1 | f6d0484865ff34da1573f2107109f823c978d5bb |
| SHA256 | e0f7f8a5e07e66f788af76445ac25c1df973d23097f726ceb593b18a69e3410e |
| SHA512 | 920677c6f6d63b480704e4caa9d7b5f338e77d19756b9500346e783c96c93d7f1066362e99768701f54edaf8ca36b29e52f19312613f28b08ab562a6018515c5 |
C:\Users\Admin\Desktop\RegisterMove.dll
| MD5 | d12a409eac3f510c1a7e3307a90aa3f8 |
| SHA1 | ddcfa039033814ad962158b42f60c4ba21d31a4c |
| SHA256 | 3b787ec0b01dfa45bbfe31129f2ebb23ef4d398d8f592cc7dc5310326ff8407e |
| SHA512 | a3548e8bf86b368850e8b915c0712f95bbea89445f413f97685e4e017eb7e78d94b9907845c85677bb394c45df445f168057ef041bc51aadcc21242eece8477e |
C:\Users\Admin\Desktop\RenameWait.eprtx
| MD5 | fb3a44b2ae664a8c7772a0d1cf1ff57b |
| SHA1 | bd2696bbf480c7398d81764fd5ebecde9b560aa2 |
| SHA256 | b3ece331aa8b732f3dd115977f1d02cac034cf94d5a577231bbe29da2d2c382e |
| SHA512 | f563bd443a30885b033867c45bd2118c8144c9a58b6e5910f157aa563ead46a1bffd7c5e55f056d0c90ed6d49d114c366f56168d45c5897123324c27f324f8e2 |
C:\Users\Admin\Desktop\Microsoft Edge.lnk
| MD5 | 5c0e996fed1f4dc7ad909218d943ef33 |
| SHA1 | 91bfbf0f96cd8957d084a3f68630c3561e7e9ef9 |
| SHA256 | 051e147e9bc65cb596d71de1aae95e1702e7d9042e57fb9f1f02b0098aaf771f |
| SHA512 | 2466e0b79d96f51984c54f16514138d27d52ab9822b17e02a6142ced1eadfc382fbdd50c783084a720fce976954011204bf139cfa525cfd5b3d367bff4ccaa8f |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | de3dfe0215101ed2079a56b1219a259f |
| SHA1 | 84f8c6fdac578f578a926493323cd780cf3aa8e5 |
| SHA256 | f316e44a5b4172b9f693f37bceca27f9fbcfb3b9599143caf68347f89bea9618 |
| SHA512 | 03f3e04acd72487c77d9b95d90f5b0408ffaf3f41aebda90e728fefb51465652624422af1775e161436e0c39ec4bd13012f3acec4373da8647147d4181dd0eb2 |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | d61940402b4799c5fb2ee0fd12306421 |
| SHA1 | e6364ad1331848fb8d8f1ee2594cff064894daa3 |
| SHA256 | a6dd9befec093500b10a0a07287a1b7a45dc92975042d873b3d9895e6416d57d |
| SHA512 | af8d9efa71dda7240dfa2841e163e523cd21e3684fa78d90f95ff06102682c5aa631201a50d3b000f7c37bc6b279664c6e8cf255f5ab481cf6be9c4dc75cddb9 |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 2dbe64e7fca55d5df917046e1ca3d279 |
| SHA1 | 986303376bc8b05537d85ab90d25b661f013dae7 |
| SHA256 | c756ec9517599b62c431e9961d5cc406da520ed7e0d12356bc7c42e9d6b89610 |
| SHA512 | 4d641927d49598852d45599f0d0bd5eb5dd018eecafddaa6606517aeab8e759285ae6b66d7ac259552eaf1a997266ac6fc110c4a4814e00464a230831d9c2b3d |
C:\Users\Admin\Desktop\WatchUnpublish.mht
| MD5 | ec578b0412d6a735d2a340005acdc600 |
| SHA1 | 1923c90fd6c14fed39eb93bc5faa96317258386b |
| SHA256 | cdf19177f238f3f66dc5195c5f467480540ec6751ee7bb3b3b18f6878719e8d8 |
| SHA512 | 4f9e80fec29e6998206b56aaf96e27f9ab8dd21f59950fb4d11dcd1cb00f0c912f9e56a1fbbc1c569432c145b544e2800d73ecb6fd4194fab0ad6aa0d0d80892 |
C:\Users\Admin\Desktop\UpdateMount.mpeg3
| MD5 | 74d4f0d593d42ac8010bd9b6b3b79c11 |
| SHA1 | f8235fb58c318da0a8200ad3e338d6e9ad5295ed |
| SHA256 | 82b8e710cc4f3bd5047c00d020ca4ff1f21b8d8257aad9580193f7396b6f6dbd |
| SHA512 | 564451743226a464ac7c1538c4e69b3d5625499d3ad52004d11453a308b52d168e527aad7cd551a9bc9296ec94f5704df00569b1000c68cf7bf8054ea8a3fb7a |
C:\Users\Admin\Desktop\UnblockGroup.au3
| MD5 | e9ccea4e09953a4fa19980495eedd56a |
| SHA1 | 17737dcf82b746df56da95d4c976191eee6d1da1 |
| SHA256 | 93975f4b00dba6b920e0bc9e5c6b3c45ddcd1eb28601fb57fbdec596db9b151a |
| SHA512 | f6036ca832ab07cd193acf359bddcf56103e2a1033b7206926ee4afa2c553365ad198e85bcbc073db6bc78c2a70d4204bd28b37870dd47568eeb4a7149aa291b |
C:\Users\Admin\Desktop\SuspendOptimize.3g2
| MD5 | 293210e83928ca92329ca690178b4fe1 |
| SHA1 | 6193f33ad452dc0b57e9a40f50a44b2bb231c453 |
| SHA256 | bd18212fb2e4b024dfabd418d7257b85cb3692f5bd7b268b02f5447b5818956c |
| SHA512 | 33eb83889ceda18fa90ec653a54105a28c00237a75871ff9f0efccb3a56ffa5c8623a2b3525deb4a41d6024a501644b395c73137242a09b8207bf8c0600b18fd |
C:\Users\Admin\Desktop\SuspendNew.mpa
| MD5 | ed4276aa43754d9be3a442d2369a8b7f |
| SHA1 | c4e724f821606f37ba5bee2f01f1c064d04ce889 |
| SHA256 | bd50cac28dfbbf46695435171853a19fa11ea517ae6515efd4546618095be0cd |
| SHA512 | 1bc44383549881865991a977480718b1bbbce7f99f619aa08e91f10afde9e562df7bbecfa1877694b44c2e328785b1c0b0e672ea1ec6e22fcdab9267d57acfde |
C:\Users\Admin\Desktop\StepInstall.bmp
| MD5 | 96ed0f9ee237f109c21cb7e602d9806c |
| SHA1 | beb4da3c745f2f7a5e1c90df1b8d70d86066a21e |
| SHA256 | 1d2895caa0f5f22ad043499acfa51ac421a0f9151bd829194ec9537b001b9c64 |
| SHA512 | ab8f3e905eb66c010804af4571854a517849605bd87d5d3abc438d34493f900af46916453ed00e25ddd014f16d81a9ddc00bba4a1229290298cc46101cb8a60a |
C:\Users\Admin\Desktop\SearchMove.temp
| MD5 | f7acbbd21623991d100d9f0931111ca3 |
| SHA1 | 3ab458b8b704089b9f1b411b5b1b517ce9123fcf |
| SHA256 | 98a27b24d797c72e927f858f7a732fe0368442219a2a0460a5ce507b0e4427b2 |
| SHA512 | 3b9ad3c3e7d9f4893d94d9304429e21ae0153ed252530248993fcdff563076a9ba0c3e6137e3e3d40abab40f23086415f1aad0af31962e285e9cc58d919de469 |
C:\Users\Admin\Desktop\RevokeWait.eps
| MD5 | 37320ca387b0797880fd5878c734ff86 |
| SHA1 | 55edeb306688f43f12aa04428e7f0236a4997449 |
| SHA256 | 31e1f2f756d845ec0afcccf9c8747f17871897e3b7385b3fdb8f276f89ba0d8e |
| SHA512 | 4d8e1bc094249771eecbbf7d896d261cb48af2874762c785ea07fb85e83fa8e46976f4359ff19326cc2a5b125c3c92768cf0664455106f93ad9badf7234854f2 |
C:\Users\Admin\Desktop\RestartWatch.001
| MD5 | f3a6701f908fc215fee4961ee639f77b |
| SHA1 | cc5c8dab858b7b23096fd4f241abb7aeeb94fdc8 |
| SHA256 | 023c6896f95e56ea921e7135a2de6694a5b1d8171d1f2f8fd06f457bb78c45c0 |
| SHA512 | ff8b00b0953b7dc5a9f977d0228396374b919ba6e0421994f509e869d125f18c2a020ce8ede6895c41c673fb0473fc5bd0aea17200c3b5404c3d9f663b7539c9 |
C:\Users\Admin\Desktop\InitializeWrite.ogg
| MD5 | ecc9633092653756f6ba5939717f36a6 |
| SHA1 | 41651d25c618824043bd8402b8c6ea0eb78d4925 |
| SHA256 | baca6d3e0011aea0539402911e507a5e487d6cac8a918451ccd6fa5452984fcb |
| SHA512 | dbeaecfd0230ed9dbf5cb0f3dcda436c6eb85f9c24e73eabb03b2230724c6e676874d2cc561f334338873f412f37e03370ceaa7914cd955fa3ba5f9e117b3aa6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c7571cbcc1448aa5246016ad0feba7b4 |
| SHA1 | 36490fa23f20b45bdd8cda5f72facf47583ebb10 |
| SHA256 | 8dd3ff85971dffecaac0e59a8bbb61259e9df57ccaa51ea8c316cdaaa91eedb8 |
| SHA512 | c17b5de201915e4909e3207d3ded218310e714057ec6c98e0f93fb7b75de7366bab85081cb8d8827df0123509fac176e3d201ac36db7cf25edfa649dc95d766f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | df3a57b4771d2d1daae058c7f698ac89 |
| SHA1 | 25b551027568e5f2989d39b69c3fd59c8a1c82b4 |
| SHA256 | 72a176e02f4a7269dcca868f2d593a063b9d8ce3dfe731c0762248c54bf18030 |
| SHA512 | 67715a74e4fda03fd88c9aae2ba14e68926a0513ad3634b16d916fb7c717e4b6b5e6140988fe4447ea054d04afc803bc0bb71396d61c08fb3c29d034a39212ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 880a00d784d2dd0f182cf00a706ffd89 |
| SHA1 | 9d98e9a58c366ecb5c2e5f819e7dff2539cd5e4a |
| SHA256 | 0115b72e9119c50e202cc20555ceaf5e48af1ce9cf09a79a3b834afca056c2bc |
| SHA512 | ff3cf2d63bd169dcab7e9aced2b55e2759118695eea0f973094e1262475318ed5a7dfa5195f60a5263e1d76cbc65514c5a54af62742401b923ac69c4ebade910 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 0501816b3b7dd559cf455f12ce66c41e |
| SHA1 | 813c2bf3adb130751d06ef7b93b1530d45f3c299 |
| SHA256 | 765602960094b38c9f135842e0eeef10c4f8511c8834dcbe0526174d95ca1de4 |
| SHA512 | a319b917b50f62c87aa091298cef9d842006786e0c196adaecfe89d03f472f0aeab3429d70b6dd015689877416362321dd83007fdeb8032f0e2a3ff1f3f195df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367614740449955
| MD5 | 243313219a2968f1be46745d51344320 |
| SHA1 | 8655062f610bdf06235b0360f19032ceaecc8fc4 |
| SHA256 | 10bcd46d501e886458d65751b8210cba451d0269fe9cd6418b65d9e181baf52d |
| SHA512 | 430b30d2db30e8e097fb796b0edba394260d531388a62f93c22d56aaecdcc21f688778c6eff1c1c9b2c9151343d681317bc8b7a9c6669cd524015e49b598f2f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | e57d13e3852df0b51b1865e8586a6e15 |
| SHA1 | c5f65e964b6745229ac71cf9d8333c66bc04652f |
| SHA256 | 684ee5b51f52538c027125b4a7e376572d1be5867240465a78cc77dad31642d4 |
| SHA512 | fa909d25080b47458766a643879bca5ee2a7c143a1cf997664b53970d7caa96512433f1c1b58827bb446b120f721f22ab5334981211c793a597f48f35e80399d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 83e6d0bf4f148f075eaedcccd4ce57e3 |
| SHA1 | 2e0977f229e314490f5761c622f6cb04a3409e32 |
| SHA256 | 81a1bf635bc913773e162e3367caeb6aa17ad91b211aee06ccc1aaeb6abb8d18 |
| SHA512 | 21132a003b85fb4741ef3a9a03f4b0079c1c7761df32e680635ae63c1e3d6b8dd2ac7a75853299fa706c4fb0590d60b0fee50c3b17b3eba62df4a859f192da28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 62915df979890c63952219eb0206983a |
| SHA1 | a3a6435062e072939dfc7a578d69d454df3954d7 |
| SHA256 | b907ac02c2a93f32f20eb3eb38655f4a5963fff9b408452e670ae7d2dda8367b |
| SHA512 | 7bb5f1f9746c13cee459172b12d73638083926b37548da0da8af62657a171301d4402d98f794717d1a4581a5527fbc54e4e7fdb0b4fe158a47f12ce63ad28997 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 3f4a494591a438942259deba6e32ef6f |
| SHA1 | 9c0fa1d813555e64ed93a179b229a12e68af4631 |
| SHA256 | f0877ca7a42c85a7ba9adaf7fbd5a95566cdbf1d1da1dfa224dbde2d4efde1c5 |
| SHA512 | dbe290b5a51e7864868859a06fd0a04687dd29960622d6910ca5b771ad103ada65009f94f286893fbe30b882f27a59d9cb329d755e713f623e91d6bd93131454 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 4cc7ab884dce5923eb43a9c17ffe217e |
| SHA1 | afba04f122b565be2edb2e5e04b91bd75141cba1 |
| SHA256 | 1c8732e16dc26f1c979b8a0c7d8af66638c9da8a843413c609047a1a5f17cb23 |
| SHA512 | 4e73da7b1bc5433c7614cfcf551c4a5d062efbf1dc705a996afca2bce81ce522341eb9aed8709fa7e76680bb39420ab2f1a1f986de10625163c3559becaf7655 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9c75d3122a61e57011ccac3ad4dea1f2 |
| SHA1 | 31376978ce6a140448bbc9ff7fa5bfb6fcab5c8b |
| SHA256 | 826ddb4b5db1d47ff1c303a5f3ea2eaacd64be03764e071139d237866214b061 |
| SHA512 | 237772750f40f2c4dd9ef44b23a608dc6cac1bba1dfb70e4b2052edbfaac00aef4f373405fc0ffa7868907f042ad82bcdc2b2f3bdaf7d569854e3f5f009f2ecc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5f48d55e6301fdd6a3cdc1f3d99aaa52 |
| SHA1 | 5dbe9f0c7c66be5570749244942e05d3c088a6bc |
| SHA256 | bb522f1c816f0908ef98bb96c035daa1d7b8275194702de68940c141fc203c43 |
| SHA512 | c3561d2a2620192a1961fc386f63d9c2f01b3e48877537af84af92412829ff3b6854fc4f29d7ea0d3cd111df1032f4e2c17131d13cce867edd7d08b9b183cb92 |
C:\Users\Admin\Downloads\MEMZ.exe
| MD5 | 1d5ad9c8d3fee874d0feb8bfac220a11 |
| SHA1 | ca6d3f7e6c784155f664a9179ca64e4034df9595 |
| SHA256 | 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff |
| SHA512 | c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b0393e75b080e7749ca75fa2f6b835cc |
| SHA1 | faf33df3e47c7c9e69b6dc98401b90f9a35d9732 |
| SHA256 | 7a10b64b415f87668bbf057c7229f8c98ff45a4238b0830fef4df8ba116ca8af |
| SHA512 | 6912f70443fbcdb251ed12fa10380267ff63e2353196d838144a58a801135896714899a372e4fdb66dd60ae695771e4e5e5c2eda026868d0e078d50a1e914f2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9df295621a989567a1cbcbff7187bf7a |
| SHA1 | 2fff08f41f8b2f26cade445284ec999b9fcf5ba0 |
| SHA256 | 574aa21e81f6d9c0318c23c729469143e98ae89664eb847d602d884ca82f7f15 |
| SHA512 | 00419f8dcd28b6a1f272066a509fa3e9513ae8995b505a9b86bacc2114eb89978a049ba6e9c6f702ef3841a74e69c4a9becec7b8ef1ac60e233b40b7a8ce5591 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9e4c1117734ff7e1489f669802ccfd65 |
| SHA1 | d1805a7e9b556391537ccaff8e3c8a3f6842b984 |
| SHA256 | 4bdb86fa6b48eaff192c4683349d4a2d63e8dcf40c8fa05e76e2504dcb5a1fbe |
| SHA512 | d06a93ea0f81b32ca0e5f1642f1055a839add53a8961ca4a9413afb81fe1913c140017c344b51f65211d650e92c3d50f725635674988b51ba47a456876be2fb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e875bd05ec6e04690cc0737ccd5ac96d |
| SHA1 | ec5359ab4c842c5a803817ce9b1094a81faeede2 |
| SHA256 | 80922ab08aebe0b481c81309497d3e01ef3eb8018b5277dbab6513a55e9aab9c |
| SHA512 | 923d0a55812a8c1bd75b15006e2a9473ce2e45333c6bcb7fab58279fd03b4f3d4667a27f209320f9c929c2523b3637d155b71c69b55e17a88cb21560d7f37911 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ab9396b020c5fd3d1dd399ab2d268f09 |
| SHA1 | 74d0a6a24dcb0fecfb0f390f35b3b99cff8eddc1 |
| SHA256 | 1feffaaf8c03648f53f501881f232007ef9fc932fd535fd6cccfcb0cfd0e7a41 |
| SHA512 | c08db722e7897c155fd7d544be77db28730530d70b4edac9c687eedbe024929f2f542d343b47afc3fc0143e14a90eb64620e287c5c62f3a35a49668ab39cd5fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 171fce6d80e6e383d4d7d304c341dd06 |
| SHA1 | 7ec49e5182c4407aa96820a454211529bb71bb01 |
| SHA256 | f89c770bbd31a3e517db4a1ffe990e7f571becb0e9dfb90b8ae96450e03d8460 |
| SHA512 | fb4b9b90985bd3d0ac3761d675d15f4e606d414bd4ec026c89f1cd1de7a16859c186d71a781e4d40dc1ae423c8b2adeefa666cf7ee1736c9b359eae539c2f049 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59b9c1.TMP
| MD5 | 3dd6a4707b3abfb7d6d1756fd579050d |
| SHA1 | 8ec0564e326df6bb9de460989c8ac6c62f10ab21 |
| SHA256 | 8365ce0467ce3ee9ce26f20a801bee9c872390133f62df98d8dcb202b7e0219a |
| SHA512 | 0b9365966410a68c810decceaabb3c7abd0d71dcdb77e4c89ca49986879852d07312c514c6bb6664e7aecb3321043ee6a003c0de234fc976284229dbb845f097 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b08a12072088ebfed4f2bdee1c7b1f1e |
| SHA1 | b73e9430b523a1d84acdd2262e442d92fc9c3d74 |
| SHA256 | 5b1150cbafd498e8da1965e32883248642029aa0631f92b0e958064f821c6cbd |
| SHA512 | 33d30d8e18b9c95e0714178bf69a06c9b287e0cf1e68c3251641be6ce688f85bd5362af271bab60bf212bb15bd584cbfd1d776dcabc35797179ec521f1223f91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0bbf756e3ad2a2baacbd9a7501c5a233 |
| SHA1 | be812c5ae4e657177a3b80139d8113319a271c83 |
| SHA256 | a26551eabffe8e6b1d25e8085b94a7a3d89180c694f4b3e937cb16a499e530eb |
| SHA512 | 9383d3827e0a2ad3b857a39f1456bdaa614afb3524bb504e88d5a3587c59471c42641ecedde146683ab3959c67c3050f81de37f3ed6c6dfeaf61a10ea775f29c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 57a504fc964a5c4bbf5130eb61466494 |
| SHA1 | 5d2beb65b9060bc3c1abd146529f060b8a1e41b8 |
| SHA256 | 74d24a4b75683f61bde8e08aa7b826f2a7794f7f7618f739331681f2881d25bb |
| SHA512 | 5b153451d51c55f2af03044fa54ffdca07f72eeedd905c5c959de2e27483d45a8b70e2dc990a63fef74931e6895d4094be3582bea16366cb70dcd6ba03c54a50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 99f07724963d3d7859d254fc3022888d |
| SHA1 | 0ca0dc5a261ceb82e7964292ea2879d4c8672913 |
| SHA256 | 0023e840976daf46f0db4f17560aa5d2c5e0a08b9a94b5a6402869a411660881 |
| SHA512 | 409a0bc8138a78f97e95834ee9bd12bfc97c02f73b947ab74bdf950862e2ce3bb5a2820a2258e8884a5ad38c7ce11602a298ef7c9d4f7860999a12ad3d24bed7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 664a2e392e4eb432f415ae194b58c082 |
| SHA1 | ebb50020fa959fc661b3910ef5eedf4228740b21 |
| SHA256 | 01170cebf9e8ae3ca3cbfc4a467d165b1435bf54a80607225449b0b937a33897 |
| SHA512 | 03ddfe12ea7302080cc35400433999ce8690fcc26069b475b9084c1e985999ecab0d7c9ffab5d232f7e7d20a9a0602b561ed5f4fafe1886598b4830d499f1da2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 36298be8687f25d40773df76eeaa424d |
| SHA1 | eab9152ad5e85901ae2fe6e637e8f20acfbd0322 |
| SHA256 | 91f6e03843b84e4a5dcc4d9a1d3eda5fbac3fbde24401822cf2dc56db5374939 |
| SHA512 | 6923b135a84568f32dd60a630f54a5e10b480f4bcc6df08380300b56896629cdd5d3c10e1d8b10a3de072d3cbaef22abb8e58e40f7d18025724190c965ae5890 |
C:\Users\Admin\Downloads\Unconfirmed 379145.crdownload
| MD5 | fba93d8d029e85e0cde3759b7903cee2 |
| SHA1 | 525b1aa549188f4565c75ab69e51f927204ca384 |
| SHA256 | 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764 |
| SHA512 | 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9e57ca22df5bdd047d8dfa0f77397fbd |
| SHA1 | 9307541d972c14a44fb33c8041fb61b02bfa13c7 |
| SHA256 | 7718c63fdd8625e001a66fa2629688e9b85f9002f0547dd1e985af604bb35b33 |
| SHA512 | b74b6f918f047b74b2369d5d0b513375c038f032f6028f4b69aa625f8aef7a7f00f87de0180b156f519fba9557dfca5917de67a26cf86b9871f6aa36be381289 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28e6f67299de78cfc7b97e0d9fb4b8d7 |
| SHA1 | 7d9289d612545a574ee30fd6d71d57b9bc8dd718 |
| SHA256 | 43a971d3889d9e83533c29d70d94e2c113ac4b907596c4b2066569210c345959 |
| SHA512 | d12a62634774efcc226a1aeaf193ad9cda43cd596121d76c5d884567f4722de13ddf8fad6c4ce04d0ae5862c1670dcc9290420d105187f511e2f91c78aa46373 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d75375e55fb81b4f80f6da2abbdbf2a3 |
| SHA1 | 93b907e583b88fd77bf21fa630563f528b8ff6b3 |
| SHA256 | c58ed2e02c17bb2dd7bfe4c034be59c829fd9f6b573e3347b4b48d2f8d0be84a |
| SHA512 | 8ed4ea89e93eb437751f1215d06028a90fac2e87003c9e0a7ed7f0968a8c931778546f2a2e1b37dc09b805449109e2d329ab4e084751381b9076dfc693efe311 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1dbf859cec5739d963512ee8f16fe929 |
| SHA1 | e55646e09b4d697a07c07a45ed18166cdfae902b |
| SHA256 | 4bea5f534f420e0018a2d902fba649235b6736019037d7caf5829a2d9e0d9c71 |
| SHA512 | a6169d733d5ca508038e6549989864c4f8e355a641697ea2b4aebec83f7b5dd020f769e75afc7c15c3b7623c5fef7f453a3d8ec34bef497469d767c53728fd01 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
memory/728-1347-0x00000000029C0000-0x00000000029C1000-memory.dmp
memory/6064-1354-0x0000020CB61E0000-0x0000020CB6200000-memory.dmp
memory/6064-1376-0x0000020CB61A0000-0x0000020CB61C0000-memory.dmp
memory/6064-1385-0x0000020CB65B0000-0x0000020CB65D0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133676149935568405.txt
| MD5 | dd3d70592f321434f13de8ca313ae2fd |
| SHA1 | 721f6f032a458fce39cc228ea262223840c2a3bf |
| SHA256 | f25569bab19eaad8e3ab6445c6d936058ea99c720875443d01a4c1bd321fb3f9 |
| SHA512 | 4768456697b70d068a3847b7578e570f586193a54a13ea9125b0fbd9f5560e9bc40d8b3fe1cf49654b4d4c5dd804ccee972bdc4c20ccc28fd67c35985be17702 |
memory/6064-1514-0x00000204B33E0000-0x00000204B4D0F000-memory.dmp
memory/5532-1516-0x0000000005050000-0x0000000005051000-memory.dmp
memory/3632-1519-0x000001D41DC30000-0x000001D41DD30000-memory.dmp
memory/3632-1523-0x000001D41ED40000-0x000001D41ED60000-memory.dmp
memory/3632-1520-0x000001D41DC30000-0x000001D41DD30000-memory.dmp
memory/3632-1546-0x000001D41F110000-0x000001D41F130000-memory.dmp
memory/3632-1525-0x000001D41ED00000-0x000001D41ED20000-memory.dmp
memory/3632-1518-0x000001D41DC30000-0x000001D41DD30000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\4ZLXTYAF\microsoft.windows[1].xml
| MD5 | 561d428fca25aaeff220ca801100323c |
| SHA1 | 703808c3abb1172a6a05ea8a7bdc297eed3d01e6 |
| SHA256 | 1fd2a6b24b2e481e24953b38587394eab230127867ca14b0f9ac3e365561a83c |
| SHA512 | 72f5711ee30b7d41a4bac8bb59ec4c9d488de5a138079ec897a407917b0c4199985077045cbf345654a06352310881c9baef5eaaeb75fb774faad5ee938e1d00 |
memory/3632-1655-0x000001CC1C200000-0x000001CC1DB2F000-memory.dmp
memory/3012-1657-0x00000000028D0000-0x00000000028D1000-memory.dmp
memory/5888-1659-0x000001BE1CB10000-0x000001BE1CC10000-memory.dmp
memory/5888-1664-0x000001BE1DC70000-0x000001BE1DC90000-memory.dmp
memory/5888-1660-0x000001BE1CB10000-0x000001BE1CC10000-memory.dmp
memory/5888-1695-0x000001BE1E040000-0x000001BE1E060000-memory.dmp
memory/5888-1694-0x000001BE1DC30000-0x000001BE1DC50000-memory.dmp
memory/5888-1792-0x000001B61B030000-0x000001B61C95F000-memory.dmp
memory/3440-1794-0x0000000002B40000-0x0000000002B41000-memory.dmp
memory/2764-1801-0x00000265DF920000-0x00000265DF940000-memory.dmp
memory/2764-1804-0x00000265DFCF0000-0x00000265DFD10000-memory.dmp
memory/2764-1803-0x00000265DF5E0000-0x00000265DF600000-memory.dmp
memory/2764-1911-0x0000025DDCC00000-0x0000025DDE52F000-memory.dmp
memory/728-1914-0x0000000002F00000-0x0000000002F01000-memory.dmp
memory/6024-1916-0x000002D633700000-0x000002D633800000-memory.dmp
memory/6024-1935-0x000002D634B30000-0x000002D634B50000-memory.dmp
memory/6024-1923-0x000002D634720000-0x000002D634740000-memory.dmp
memory/6024-1920-0x000002D634760000-0x000002D634780000-memory.dmp
memory/6024-1915-0x000002D633700000-0x000002D633800000-memory.dmp
memory/6024-2037-0x000002CE31A00000-0x000002CE3332F000-memory.dmp
memory/4504-2040-0x00000000045D0000-0x00000000045D1000-memory.dmp
memory/3852-2042-0x000002D620050000-0x000002D620150000-memory.dmp
memory/3852-2046-0x000002D6211A0000-0x000002D6211C0000-memory.dmp
memory/3852-2077-0x000002D621570000-0x000002D621590000-memory.dmp
memory/3852-2053-0x000002D621160000-0x000002D621180000-memory.dmp
memory/3852-2041-0x000002D620050000-0x000002D620150000-memory.dmp
memory/3852-2183-0x000002CE1E600000-0x000002CE1FF2F000-memory.dmp
memory/316-2226-0x0000000005130000-0x0000000005131000-memory.dmp
memory/5504-2227-0x000001E396F00000-0x000001E397000000-memory.dmp
memory/5504-2232-0x000001E397F20000-0x000001E397F40000-memory.dmp
memory/5504-2228-0x000001E396F00000-0x000001E397000000-memory.dmp
memory/5504-2262-0x000001E397BD0000-0x000001E397BF0000-memory.dmp
memory/5504-2263-0x000001E398340000-0x000001E398360000-memory.dmp
memory/2588-2341-0x0000000076400000-0x000000007647A000-memory.dmp
memory/1104-2381-0x0000000076400000-0x000000007647A000-memory.dmp
memory/6048-3051-0x00000244505A0000-0x00000244505AA000-memory.dmp
memory/6048-3052-0x000002446ABA0000-0x000002446AD1E000-memory.dmp