Analysis Overview
SHA256
0dd46341ec484a9634677c19ce94f04287f2f288c7bf4b751e0ca28a569986a2
Threat Level: Likely malicious
The file lolhahahackerwowohnoo.zip was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Enumerates connected drives
Sets desktop wallpaper using registry
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Delays execution with timeout.exe
Suspicious behavior: LoadsDriver
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-10 10:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-10 10:03
Reported
2024-08-10 10:33
Platform
win7-20240704-en
Max time kernel
1565s
Max time network
1566s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo.zip
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-10 10:03
Reported
2024-08-10 10:33
Platform
win10v2004-20240802-en
Max time kernel
1360s
Max time network
1148s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo.zip
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.80.50.20.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-10 10:03
Reported
2024-08-10 10:33
Platform
win7-20240705-en
Max time kernel
1561s
Max time network
1562s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lolhahahackerwowohnoo\\wowcoolfile.png" | C:\Windows\system32\reg.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\hello.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Add-Type -TypeDefinition @'
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\wowcoolfile.png" /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\msg.exe
msg * "Error 404: Productivity not found. Did you try turning it off and on again?"
C:\Windows\system32\timeout.exe
timeout /t 4 /nobreak
C:\Windows\system32\msg.exe
msg * "Error 500: Coffee is empty. Time to panic"
C:\Windows\system32\timeout.exe
timeout /t 4 /nobreak
C:\Windows\system32\msg.exe
msg * "Error 403: Access to Netflix denied. Go outside for a change"
C:\Windows\system32\timeout.exe
timeout /t 4 /nobreak
C:\Windows\system32\msg.exe
msg * "Error 301: Memes not loading. Did you check your WiFi connection?"
C:\Windows\system32\timeout.exe
timeout /t 4 /nobreak
C:\Windows\system32\msg.exe
msg * "Error 999: The 'Enter' key is broken. Please perform a ritual dance to fix it."
C:\Windows\system32\timeout.exe
timeout /t 4 /nobreak
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest -Uri 'https://mirrors.cicku.me/linuxmint/iso/stable/22/linuxmint-22-cinnamon-64bit.iso' -OutFile 'C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\linuxmint-22-cinnamon-64bit.iso'"
C:\Windows\system32\timeout.exe
timeout /t 5 /nobreak
C:\Windows\system32\timeout.exe
timeout /t 2 /nobreak
C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
Network
Files
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| Hash | Value |
|---|---|
| MD5 | 1019b1de077b495279a087dc587a0461 |
| SHA1 | bb63ad73beb6ac30cda836446d76173c4c469254 |
| SHA256 | a37bc1a091b1d3fbe9136ce742c5869cfe1ea12119513f6829448fc4258dedb1 |
| SHA512 | 3b95eaf731906d9617241c05fe775b4b1e48b4cef1498c6cc94f81c24f02e3ae3260ed3c89f422e9268e0c595de79758f43079443e84589454df060b8252b6f7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ESC7F5YV8ORPR0RFOT0Z.temp
| Hash | Value |
|---|---|
| MD5 | b677d8824dfa3989ba732222db4c052d |
| SHA1 | e821b12003fdb876b03c9004799357bea565f9c1 |
| SHA256 | 2086f4ecc5dac9fd6173ac9f2fc411d29648eef17227df8cd8b3718b031c4c0e |
| SHA512 | 1da98c2ee3551f7533975c9744b61209d0cfdc98bb5a29ce2c065b0e91fdc7d0edcd5e3a84e52afd2959a98535a91f9dca158fcb9c5e1676a1944f929472f3bd |
Analysis: behavioral4
Detonation Overview
Submitted
2024-08-10 10:03
Reported
2024-08-10 10:12
Platform
win10v2004-20240802-en
Max time kernel
489s
Max time network
469s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\E: | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\system32\perfc011.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\system32\PerfStringBackup.TMP | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\basicdisplay.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\system32\perfh009.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\system32\perfc00A.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File opened for modification | C:\Windows\system32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\system32\wbem\Performance\WmiApRpl_new.ini | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\system32\perfh007.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\system32\perfh011.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\basicdisplay.inf_amd64_65ab9a260dbf7467\basicdisplay.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\system32\perfc009.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\basicdisplay.inf_amd64_65ab9a260dbf7467\basicdisplay.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\system32\perfc007.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\system32\perfh00C.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\system32\perfh00A.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\system32\perfc00C.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\system32\perfc010.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\system32\perfh010.dat | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\basicdisplay.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\system32\wbem\Performance\WmiApRpl_new.h | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File opened for modification | C:\Windows\system32\PerfStringBackup.INI | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lolhahahackerwowohnoo\\wowcoolfile.png" | C:\Windows\system32\reg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\inf\WmiApRpl\WmiApRpl.h | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\INF\c_monitor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssystem.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscontinuousbackup.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_firmware.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\inf\WmiApRpl\WmiApRpl.h | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\INF\c_swcomponent.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssecurityenhancer.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\rdcameradriver.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\ts_generic.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscompression.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsundelete.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_linedisplay.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_smrdisk.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_proximity.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscfsmetadataserver.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsinfrastructure.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsopenfilebackup.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssystemrecovery.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_mcx.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_netdriver.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\rawsilo.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\digitalmediadevice.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsantivirus.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsquotamgmt.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_display.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_scmvolume.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_apo.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\PerceptionSimulationSixDof.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsphysicalquotamgmt.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\miradisp.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_holographic.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_magneticstripereader.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsencryption.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\remoteposdrv.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscopyprotection.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_smrvolume.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\oposdrv.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_barcodescanner.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_receiptprinter.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_computeaccelerator.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\dc1-controller.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_processor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_cashdrawer.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\wsdprint.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_camera.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_ucm.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\inf\WmiApRpl\WmiApRpl.ini | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\INF\c_fsreplication.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\xusb22.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_extension.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\inf\WmiApRpl\WmiApRpl.ini | C:\Windows\system32\wbem\WMIADAP.EXE | N/A |
| File created | C:\Windows\INF\c_fshsm.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsactivitymonitor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscontentscreener.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_media.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_volume.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsvirtualization.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_sslaccel.PNF | C:\Windows\system32\mmc.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ | C:\Windows\system32\mmc.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Service | C:\Windows\system32\mmc.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2} | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{80497100-8c73-48b9-aad9-ce387e19c56e}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Service | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Capabilities | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\UINumberDescFormat | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2} | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000D | C:\Windows\system32\mmc.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Driver | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\HardwareID | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29} | C:\Windows\system32\mmc.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\DeviceDesc | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\system32\mmc.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Device Parameters | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Device Parameters\Storport | C:\Windows\system32\mmc.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties | C:\Windows\system32\mmc.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\UINumber | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912} | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\system32\mmc.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\LocationInformation | C:\Windows\system32\mmc.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Capabilities | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003 | C:\Windows\system32\mmc.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6} | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6} | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Driver | C:\Windows\system32\mmc.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{80497100-8c73-48b9-aad9-ce387e19c56e}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\DeviceCharacteristics | C:\Windows\system32\mmc.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\ContainerID | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912} | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0010 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Security | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29} | C:\Windows\system32\mmc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 | C:\Windows\system32\mmc.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 | C:\Windows\system32\mmc.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "200" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677578983293907" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19 | C:\Windows\system32\wwahost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft | C:\Windows\system32\wwahost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\account.live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt2.microsoft.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt2.microsoft.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdom = "2" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\account.live.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt.live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt.live.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "124" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt.live.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdom = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\account.live.com | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\Total = "40" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt2.microsoft.com | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt2.microsoft.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheLimit = "51200" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\ = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "124" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\Total = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\NumberOfSubdomai = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\account.live.com\ = "124" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\Total = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt.live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "40" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheVersion = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt2.microsoft.com\ = "40" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\account.live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdom = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "1" | C:\Windows\system32\wwahost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\wwahost.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\hello.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Add-Type -TypeDefinition @'
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\wowcoolfile.png" /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\msg.exe
msg * "Error 404: Productivity not found. Did you try turning it off and on again?"
C:\Windows\system32\timeout.exe
timeout /t 4 /nobreak
C:\Windows\system32\msg.exe
msg * "Error 500: Coffee is empty. Time to panic"
C:\Windows\system32\timeout.exe
timeout /t 4 /nobreak
C:\Windows\system32\msg.exe
msg * "Error 403: Access to Netflix denied. Go outside for a change"
C:\Windows\system32\timeout.exe
timeout /t 4 /nobreak
C:\Windows\system32\msg.exe
msg * "Error 301: Memes not loading. Did you check your WiFi connection?"
C:\Windows\system32\timeout.exe
timeout /t 4 /nobreak
C:\Windows\system32\msg.exe
msg * "Error 999: The 'Enter' key is broken. Please perform a ritual dance to fix it."
C:\Windows\system32\timeout.exe
timeout /t 4 /nobreak
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest -Uri 'https://mirrors.cicku.me/linuxmint/iso/stable/22/linuxmint-22-cinnamon-64bit.iso' -OutFile 'C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\linuxmint-22-cinnamon-64bit.iso'"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8f4f2cc40,0x7ff8f4f2cc4c,0x7ff8f4f2cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2324 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3728 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4876,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3432,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4396 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:8
C:\Windows\system32\timeout.exe
timeout /t 5 /nobreak
C:\Windows\system32\timeout.exe
timeout /t 2 /nobreak
C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4596,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3268,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4044 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x4f0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3424,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4944,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1252,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2020 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3328,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2056 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=3376,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:2
C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /R /T
C:\Windows\notepad.exe
"C:\Windows\notepad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault03ab0da8h6b3eh4f36h9449h15875beb50c3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8fee746f8,0x7ff8fee74708,0x7ff8fee74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6185087702473869874,8140085373075818776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6185087702473869874,8140085373075818776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,6185087702473869874,8140085373075818776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa385b055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mirrors.cicku.me | udp |
| US | 104.18.129.116:443 | mirrors.cicku.me | tcp |
| US | 8.8.8.8:53 | 116.129.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 172.217.23.206:443 | clients2.google.com | udp |
| NL | 172.217.23.206:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 52.111.229.43:443 | | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | debian.org | udp |
| US | 151.101.2.132:443 | debian.org | tcp |
| US | 151.101.2.132:443 | debian.org | tcp |
| US | 8.8.8.8:53 | www.debian.org | udp |
| GR | 194.177.211.216:443 | www.debian.org | tcp |
| US | 8.8.8.8:53 | 132.2.101.151.in-addr.arpa | udp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 216.211.177.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdimage.debian.org | udp |
| SE | 194.71.11.165:443 | cdimage.debian.org | tcp |
| SE | 194.71.11.165:443 | cdimage.debian.org | tcp |
| US | 8.8.8.8:53 | gemmei.ftp.acc.umu.se | udp |
| SE | 194.71.11.137:443 | gemmei.ftp.acc.umu.se | tcp |
| US | 8.8.8.8:53 | 137.11.71.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.11.71.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.69.250.142.in-addr.arpa | udp |
| SE | 194.71.11.165:443 | cdimage.debian.org | tcp |
| SE | 194.71.11.165:443 | cdimage.debian.org | tcp |
| SE | 194.71.11.137:443 | gemmei.ftp.acc.umu.se | tcp |
| SE | 194.71.11.165:443 | cdimage.debian.org | tcp |
| SE | 194.71.11.165:443 | cdimage.debian.org | tcp |
| SE | 194.71.11.137:443 | gemmei.ftp.acc.umu.se | tcp |
| SE | 194.71.11.137:443 | gemmei.ftp.acc.umu.se | tcp |
| SE | 194.71.11.137:443 | gemmei.ftp.acc.umu.se | tcp |
| SE | 194.71.11.137:443 | gemmei.ftp.acc.umu.se | tcp |
| SE | 194.71.11.137:443 | gemmei.ftp.acc.umu.se | tcp |
| SE | 194.71.11.137:443 | gemmei.ftp.acc.umu.se | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 23.62.195.195:443 | cxcs.microsoft.net | tcp |
| GB | 95.101.129.216:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 195.195.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | account.live.com | udp |
| US | 13.107.42.22:443 | account.live.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 22.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 13.89.179.13:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | fpt.live.com | udp |
| US | 52.167.30.171:443 | fpt.live.com | tcp |
| US | 13.89.179.13:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.179.89.13.in-addr.arpa | udp |
| US | 52.167.30.171:443 | fpt.live.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt2.microsoft.com | tcp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | x.urs.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| GB | 20.58.112.186:443 | x.urs.microsoft.com | tcp |
| US | 8.8.8.8:53 | 186.112.58.20.in-addr.arpa | udp |
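The Network table above mixes three kinds of rows that need to be read differently: forward DNS queries to 8.8.8.8:53, reverse-DNS (PTR) queries for `*.in-addr.arpa` names that the sandbox host itself generates for IPs it has just talked to, and the actual TCP/UDP connections, some of them repeated (three sessions to cdimage.debian.org:443, six to acctcdn.msftauth.net:443) and some without any name (the mDNS multicast row and 52.111.229.43:443). The Python helper below is an added example for this page, not part of the report or of the sandbox vendor's tooling; all function names are my own. It parses a subset of rows copied from the table, decodes each PTR name back to the IPv4 address it describes and checks whether that address was also contacted, counts distinct (ip, port, proto) endpoints, and flags connections whose name never appears as a resolved query in view (www.bing.com here, which suggests a cached or pre-seeded resolution). Two of the copied rows keep the table's misplaced empty Domain cell, so the parser identifies the protocol and destination by content rather than by column position.

```python
"""Triage a sandbox report's pipe-delimited Network table.

Added example for this page; not the sandbox vendor's code. It separates
DNS queries from connections, decodes reverse-DNS (PTR) query names back
to the IP they describe, and correlates both with observed connections so
that sandbox/OS noise is easy to tell apart from the sample's own traffic.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Rows copied from the report's Network table (a representative subset).
# Two rows keep the table's misplaced empty Domain cell on purpose.
SAMPLE_TABLE = """\
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mirrors.cicku.me | udp |
| US | 104.18.129.116:443 | mirrors.cicku.me | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 52.111.229.43:443 | tcp | |
| US | 8.8.8.8:53 | cdimage.debian.org | udp |
| SE | 194.71.11.165:443 | cdimage.debian.org | tcp |
| SE | 194.71.11.165:443 | cdimage.debian.org | tcp |
| SE | 194.71.11.165:443 | cdimage.debian.org | tcp |
| GB | 95.101.129.216:443 | www.bing.com | tcp |
"""

DEST_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.I)


def parse_rows(text):
    """Parse table rows into dicts, identifying cells by content, not position."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0].lower() == "country":
            continue  # header, separator or junk line
        country, rest = cells[0], cells[1:]
        proto = next((c for c in rest if c.lower() in ("tcp", "udp")), None)
        dest = next((c for c in rest if DEST_RE.match(c)), None)
        if proto is None or dest is None:
            continue
        domain = next((c for c in rest if c not in (proto, dest)), "")
        ip, port = DEST_RE.match(dest).groups()
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def ptr_target(name):
    """Return the IPv4 address a reverse-DNS query name describes, else None."""
    m = PTR_RE.match(name)
    return ".".join(reversed(m.groups())) if m else None


def triage(rows):
    """Correlate DNS queries, PTR lookups and connections from parsed rows."""
    forward_queries, ptr_queries, conns = set(), set(), Counter()
    labels = defaultdict(set)  # (ip, port, proto) -> names the report attached
    for r in rows:
        if r["port"] == 53:  # a DNS query; Domain holds the query name
            target = ptr_target(r["domain"])
            if target:
                ptr_queries.add(target)
            else:
                forward_queries.add(r["domain"].lower())
            continue
        key = (r["ip"], r["port"], r["proto"])
        conns[key] += 1  # repeated rows are separate sessions to one endpoint
        if r["domain"]:
            labels[key].add(r["domain"].lower())
    contacted_ips = {ip for ip, _, _ in conns}
    labeled_names = {d for names in labels.values() for d in names}
    return {
        "connections": dict(conns),
        # PTR lookups: True when the described IP was also contacted
        "ptr_correlated": {ip: ip in contacted_ips for ip in ptr_queries},
        # names resolved but never contacted (fallback/C2 lists look like this)
        "resolved_not_connected": sorted(forward_queries - labeled_names),
        # contacted by name with no resolution in view (cached or pre-seeded DNS)
        "connected_without_dns": sorted(labeled_names - forward_queries),
        # endpoints the report could not name at all
        "unlabeled": sorted(k for k in conns if k not in labels),
        # multicast/private destinations are local discovery noise, not egress
        "multicast_or_local": sorted(
            ip for ip in contacted_ips
            if ipaddress.ip_address(ip).is_multicast or ipaddress.ip_address(ip).is_private),
    }


if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE_TABLE))
    for ip, hit in sorted(result["ptr_correlated"].items()):
        print(f"PTR {ip}: {'matches a contacted host' if hit else 'no matching connection'}")
    for (ip, port, proto), n in sorted(result["connections"].items(), key=lambda kv: -kv[1]):
        print(f"{ip}:{port}/{proto} x{n}")
    print("connected without DNS:", result["connected_without_dns"])
    print("unlabeled:", result["unlabeled"])
    print("multicast/local:", result["multicast_or_local"])
```

Run against the full table, the same logic shows that nearly every `in-addr.arpa` row is the host reverse-resolving an address it had just connected to, that the bulk of the egress is Chrome, Edge and Windows telemetry plus the Debian mirror traffic behind the `.crdownload` listed under Files, and that the two unnamed endpoints are the only rows left to explain by hand.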
Files
memory/4036-0-0x00007FF8FF0F3000-0x00007FF8FF0F5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_25ckmlix.hb0.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4036-11-0x00007FF8FF0F0000-0x00007FF8FFBB1000-memory.dmp
memory/4036-10-0x000002833CA50000-0x000002833CA72000-memory.dmp
memory/4036-12-0x00007FF8FF0F0000-0x00007FF8FFBB1000-memory.dmp
memory/4036-15-0x00007FF8FF0F0000-0x00007FF8FFBB1000-memory.dmp
memory/4036-16-0x00007FF8FF0F0000-0x00007FF8FFBB1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | d85ba6ff808d9e5444a4b369f5bc2730 |
| SHA1 | 31aa9d96590fff6981b315e0b391b575e4c0804a |
| SHA256 | 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f |
| SHA512 | 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6d3e9c29fe44e90aae6ed30ccf799ca8 |
| SHA1 | c7974ef72264bbdf13a2793ccf1aed11bc565dce |
| SHA256 | 2360634e63e8f0b5748e2c56ebb8f4aa78e71008ea7b5c9ca1c49be03b49557d |
| SHA512 | 60c38c4367352537545d859f64b9c5cbada94240478d1d039fd27b5ecba4dc1c90051557c16d802269703b873546ead416279c0a80c6fd5e49ad361cef22596a |
\??\pipe\crashpad_4356_VEBNNDSBCZSKVTKS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 62077a5dbc8c337b87297c4b30408538 |
| SHA1 | 3e9045ea139788988646b7c2f403be76c8ba2c98 |
| SHA256 | da69bc3be730566d7d5d72dea4c8329ed1a25e023b21565cf684fae01ee51b77 |
| SHA512 | 9f56d52e87ba024941f9929737d9be655bcb268f25db4d4d45f9d72a4c52d9544f3eb4d2bf5d8f004dc8446b8278f2d3b3073b3bc6d6c00f80958c3d0bcc490e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 092e6a933991c780ca3298e0fdaf165f |
| SHA1 | 51873f974b53bcd9e275d017f8335e69fa1b1dda |
| SHA256 | 816b50628b50aa97f43c2bdb5477a520ef90e0bde398609f4a2c7f80a1d1976e |
| SHA512 | 8aa8a6ee29c8a48f04d874ceb37e208a01596a1ac40fda7c43c24b60cd49960ec69e8adda98b629c1af934c382b30571d69b25b83c56f92bd2d945b4804be1f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e98137a3e6d4f442e03390baec858d12 |
| SHA1 | 4e36caa966e4f7539f924387460cf92436c23a85 |
| SHA256 | bf5babab46e69fa07581269ed74422c7cc3b83a4942770859101f64e3c77bb0e |
| SHA512 | b3f21818acca9955e671fdf9f8786f9b748f017356ebee5df43cca24785cb0b588f5fb4993126ba6b3f8868bdba9d83275f18e311a0bb82802bd6a4df149606d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b34a18e83729e0e5621630310f7b32a0 |
| SHA1 | e72102d96a8cc0509937c54de96e6af7b5d0693a |
| SHA256 | 58aa5e3834e999afdbd6d003b612e50733c88879a3981ab1e887110c9a5f2128 |
| SHA512 | e5dc6ea5f31ee3e463b162717e44bef2bf499cb9b6e4f3d5d62a1e93599f0a963a8b5aad3f81ae0e8b78e25400a75b5ad486aae16610c5e21bae8c2e579af86d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | d8f25b15ab7eb8eb36095bdfef7a8783 |
| SHA1 | af3526d9c9b7bf33425e640b351579b8983cab92 |
| SHA256 | 87c9e9510631944284fd12dcfcbf8a1636053b3ce70abc1bd04ed2b3e6ba1e14 |
| SHA512 | 733a9a1dc4b0f31301eeaa2e0cdc977c0994a6372dc867655f47b4610a4c64ad0633b94955976724123bd16c0352aa3ed27ceed01bf4dc4c59a4e7cd5705cd95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 48d2860dd3168b6f06a4f27c6791bcaa |
| SHA1 | f5f803efed91cd45a36c3d6acdffaaf0e863bf8c |
| SHA256 | 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77 |
| SHA512 | 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ee39b0311c89fd406122e91662dcb65f |
| SHA1 | ca69e37cbaa723b1237c93215ae026e2c223356f |
| SHA256 | fc4559c388886bcc1ab3a1a002cb3f8b8efd243f0a74add019beb8ce3802bc72 |
| SHA512 | 044f75c874c8d4c30609d619bc68439be51e039546dddecf1e45009a88bb4d71f041613bace71fda99baacfdfb6d45d9895e23b988367f91a3f7c9e1141e94d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 70650ce9a2891d5c8a19cc558daf6677 |
| SHA1 | bcbf4c797f64a336c2a2b55a34a5f4502072f96f |
| SHA256 | fe6507d1b18baf5ab58790acf810c7e426c2378d4d79503be35ae24375dc6dee |
| SHA512 | 6cb133bdd5b092af9b4d27927df83f6f6a6f892f8827159c1405058e310ec8daee37fc53da780fc446d3b82d92abadf385a012684a1e024ee3eee36167eb981c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dad48bc931ad0ab3998e10b0acbdbf9c |
| SHA1 | adc8f2b21a72f8c7fea74c1979575ab08aff026b |
| SHA256 | 4b379a6860573dbc4cf51fc4fc8b55e2b82b3d01f4c7a9e1ee2b696597a9d62a |
| SHA512 | 0caa279a9fef866ef26833f7b11c190c22a5b612c08f99b98c4a8b0c4d2a130cc9f2a78c56b8b4538a2d951634dc4b2a30af26c95d562f4cb699834a7aa896af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 65a22df154d8b5db21276b38ebe04a31 |
| SHA1 | ea7eb87041558446b53ab6389044cc825e49fb4e |
| SHA256 | 01a22a9867070de36ac5ce272831291a672144d10e332a5a88770f9c8c90f006 |
| SHA512 | e47b4df83a3755899630c54bd36b74819343d7cba247d178f23d75b3388d8e893676742ab0e46c4321a40a901af37c0969293d702cc46683ba9a02a17165ccec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b44fa2381ba24fc5f590452bc284fb03 |
| SHA1 | 035313b627344349b819bbb80e597509a45ddffc |
| SHA256 | daa046f657093dd8be00bc3fe39c8647b9ff9eeb3eaaee47da03dd51cd4025e5 |
| SHA512 | 6e6edae8572bcc6dd10ec760efb9d91216de71e0cc1e39084699a6fce10af6bb6cc93bcbd3f4faec13bdd0c6e74a2a9a4ba2562908846e5286799612f90e6ed0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e0b078f3484bde813833badfab581b09 |
| SHA1 | 272875418b136938a23564bbd22dffd551fb26c4 |
| SHA256 | 1bd14e8193ccb79276aed63e29c465ed4703d794919aeaec309a484fb70f5fe1 |
| SHA512 | e5114cc60c7a876f8fe142601316c4b9513833ecd240be96a843a8d3e04c3529e54a470ab75d8fa5224b84a36d104a291676edebfc5993ab49e655884e929ce7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ada5d78195e0e3e10800fafe63f4861a |
| SHA1 | 369ac4007ae3549fe0869ec8720d0dc7b5680ba5 |
| SHA256 | 5bb37758101239a3b601cab20a02a6829a88ae2c349475995a7083fbee88a783 |
| SHA512 | e338a0b66f69846af2b3f3725c6a9f0cab258f69406379bb1e3f55865195e6ef70ee9dd5f6adcdf69df3e818ccd2599f1660924ae8789471889afe3f13763ea4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2d3d3adca44878f431e68f659b1fc10d |
| SHA1 | 508ffb183648be862b15f41a99d46bf7e79d087d |
| SHA256 | d00012367d32efed6e531058d5ce4f284f42dd1f19ee3cf30b30e560e5c3eea0 |
| SHA512 | bd1d5224c628163e8fec7458bd166b7b0b89be02908519662801844888adaeb457d60c8b8aaf210a6d71392f5d41c19b10fb2464384d9006173c86bbb3f92ba6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b00c3c3d5997bff8df4e4980195aa0b5 |
| SHA1 | be208d8e7d14760e01ca4ba2c41a71a474297c33 |
| SHA256 | e850328dbbf1a5261bd1df52507eb9eea0c525379d8e0795e34d050890487a35 |
| SHA512 | edeea323466f04ab0be6a321a21b1472fe8579a5384bc0b3998523a2662d1e2996614e821cdd26b879222ecc704290625b34ae49cd3d8695db5f24b08f990086 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b3f932ae6cbbfc0b6026921dc358853c |
| SHA1 | a0e137ad411a8204c647d93776e1c07682877508 |
| SHA256 | 97a3f85ababc039a510b456745e4472dd7ea27d1cebaac819992e9a2e747d0b4 |
| SHA512 | 292458971287275f23c9fa10533469e2376716c2bfd6c783a4ec35435ca176e7a646c7d071c4a8b898f1e0fe54b0441f5c614dbef649f7f32930249eb53fc43c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 75a9d946f7563fc2f96ddb127590757b |
| SHA1 | 8cc68435105e91ae8be4556f47db70d1f2e1854e |
| SHA256 | 3a92e7ff69e3ad0b78b1fc1b6b42f5d4f851e31b211ae6b5e0ba2274179dbbde |
| SHA512 | a559ff09f835da28b43408044180fd6590b6b6705b4a5626ac3e3344883a9dfd37dbecdd9d1dc8de54204e6e24e67d9b7b0b51c7db3ff40c6f95f70de6420db1 |
C:\Users\Admin\Downloads\debian-12.6.0-amd64-netinst.iso.crdownload
| MD5 | 6c6ebfcf7d2bb5a6b7762eb4235849f9 |
| SHA1 | 028c1e5d2f5cbe24da4b9deef4ff15b21b7b4470 |
| SHA256 | 8dd2840af07a805413d97ec3e7c72a8af8685dbdddceb99ca4a99d04dceb521b |
| SHA512 | ae5a2aba1617b48c3b4f1810bb43bf0738a96f4e9f2c15a4d9fb43a917bc011282ae9f40690858e2cd56990c2ae879350f62e609b8f423c1ea2b2e3a21883660 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9b473a0929b7c6f60739501804cb425d |
| SHA1 | 918b1cc07b775ef1ea0487de92e89d5df8408fb6 |
| SHA256 | b6c7d79298397434bed86699ff48378b9d2f5a433e517c906f23120fdc4278ca |
| SHA512 | 63419485b835d1c157d1990ce4db3dacca6cf5cd8afcdfd01add90ed99724eaade2b93c654cbfa324084bc375d6f7bfce46b243938e5e32f91ad5ad6b64513c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c2f733b0fff9208799a1e014f1496712 |
| SHA1 | 35baa4e433b130039bee095ca6673294806efdaa |
| SHA256 | 05b4758bbd51e1e55bd0f5c7829296e07aae373996ae174d99803a508882f16f |
| SHA512 | 58fb9ae6a3878d62ba10abd964dda9de661d1bd2817f68dc9678e0cabb6153b69ae0493eff273fa60d4b35d9a522489871b0e120fe57ad97025db9ab51e44d5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d2f1e141d1c90991871a8df7dd99f1f3 |
| SHA1 | 140a64f2e54eecf453da2cd5226a6728b3a85686 |
| SHA256 | c600d21e7f932d262e2a8d9e842beba56641e951e46fb68bf76d5607c60290a7 |
| SHA512 | 1fce4231c2d31da9e6732dcfd955d8ecbdcfade268eadfe831a7908c41f256df6b78ee1d9b03c422ec66d762414344ef41eb425fb3fa92e5bbc4ff4142fb5e1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5b82bb35f99f293be290437a65a1be6d |
| SHA1 | 057cae0508c44223b88b4b5be3d735b2a1e72f49 |
| SHA256 | b70a1c1b2d34e638a783a24d328567742174db1e505ca368bb3d8919994457fa |
| SHA512 | c19c736445941ef0ea5e4b0eba9aa67ae44b8331710d7f68178e1d26cded84b7772463b6f416d20d4647c2b3fe7fad3bf8ef7ad38fd0ce269d1e1f9fdb50622d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 912bee4d3f7347714927865136087ce1 |
| SHA1 | e1ed5b97fd5d6800a7772f2f239978501e74452b |
| SHA256 | 139a429f840dde2cbc3cefdbdfaf4a14ef7098b19657860e61e52f2d22d075cb |
| SHA512 | d41e59d462bae96f201208065c0c25ca2bc979100f24c7c758c0c27c3bbaad42462e250d2353ccaacb917db9a96ee77d0fd2cc67063b3f730aa79761038ae24f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a12ccdfc72562407bd1464a46cca3971 |
| SHA1 | 8150b6cb1400418a832721e97c6d101aecb47544 |
| SHA256 | 4455369cb4d83dfea677e90860564d3a675aa1be0f224f4c6ce159b5b7932689 |
| SHA512 | 9389941a5f16a2e5a0f25a3402eb12b035eae530c34218300ead805eaaf269018d76e8b230492ca316c6f8117c0c2e75c654f56245ea5ddb97e550dae6877fe2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8866c63b9d0d4a7fbcdc0e7c7a089305 |
| SHA1 | fa5971648ed94502aa62666019a7dcce148df0fc |
| SHA256 | c8f24e9e31b5a4f389dc77fe8561c965466d9562a4ee1e175470f6a7266b8596 |
| SHA512 | bc81fb638fa1fe63c4b634dc38290bb925c6f9033e1a8c6958f318695297674be7bcfe095bee524f516cb4a0de0423ac85924ecb4a504fc55ff4095eed196d3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | 39a8feee5db6fd5b36defdf7ddf9acec |
| SHA1 | 651c4f96a888cb433d4484f43d9378021f775eb0 |
| SHA256 | 7d1936f2497632381b455337d6b66e14d93b7b11ce5a20188b21ecc37cd74ead |
| SHA512 | 73a68c4bf12eaa728240e9bfdbc7796e3e4f8c5ca1d9a1fb09739e23d11853645db86decc907c0e9e350bf032393cf1af70edc62d5ed8d466cb22b98557af6b5 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | ff9615348bafab70a615c61fd851b1ad |
| SHA1 | 4a42b22af709709fb9e23911cc2290aae99ccd8a |
| SHA256 | 896ac590c141fe0109068f3a3d4059fd0a888c0202574e3c4326f9fcec62c38f |
| SHA512 | a0fc04d882774717cd8aa4967b2ac8b0bd401a960f7d318c3864bf347c424412047fe4c18c8854c03920d376601adbd784a8808ef9e9c6ca6276a466dd3e0be1 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | 6f68f3ffb1dadefc96d1de1c1d440acf |
| SHA1 | 93abcf8fdcd282debdd613bcf41ced6c773cdf9b |
| SHA256 | 28d04b9d08d447ac0be9dd4cb06480e452d106575bde529e4d6c1f033e4cf4fd |
| SHA512 | 8c39f9efc73e3df517ceca202a6ef9cf38a35be10aeefff95fd9eb3c912174ba89f3c42e356434c3ac77ab342ac5a4d2af2e5e4c8247c8b413d2b7ae3bbabcc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000001
| MD5 | d137f684aea94f3d8f8bb3b14e6927d2 |
| SHA1 | 8693f88c476670995dbce56d883a089049e20ab0 |
| SHA256 | 62c551732bcf61d1a12ffeec731d7ca1e01ba8d964103e74b2ed29a55b3081ee |
| SHA512 | 760910caa502673abfea29e33eb0622c9b084606f927e395b91cafe6b74bf7eac079ca5e33dfba4bd20dbfd92bed42cefe15c7c8d64d267ab2175807bbde2d64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000002
| MD5 | 58966394d825813da9d16e42aadb5608 |
| SHA1 | 9ee2c88c7b3728f2a768542d98959cc8be211309 |
| SHA256 | e096e7e066e0b91583720464861d39dc8c613546a07e3cb53e8d5e2504d4c9d5 |
| SHA512 | 2e70c4cda77af9f3897a53b908c2273863f3c992c8115ebb45dfe66b753e28c71ae1f0cf89b0695ee46584c432be621a015d4ec82eab8f2df6890cd06873278d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000003
| MD5 | fab12e902f43bfa36f299ef39bb00f8d |
| SHA1 | 90ebc451da3d5c1dad32e5d27f2ed71fbf4d5d9a |
| SHA256 | 3403dcb7c222ffe3c1af56463d748783acdb533390cbcbe091b9447f7c2860ee |
| SHA512 | 37049585fad525fe62d2e1919fbcbe5de9a96e336dce8ec2753bfc3c755f5c6efc2a9e59cf42a516b0b60e779abf05f173fe5092afc6cd0b3b444ec80dade420 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000004
| MD5 | bfe9c8f5c6807ab98b3c218677dc5ea9 |
| SHA1 | d64debb67baf9da7194ae13f19a408f9d1eb36de |
| SHA256 | 40ea44440f66dbc20161f23a1dee03936b0142728fdd5221e796c2857480e778 |
| SHA512 | be0eabdd93184ea5af8c635eb2a136b4656721354a0c45e4e5ec5c373517b0d9012d279b218816fb8fecbf9b960521f84e90af7c3f25374b328f4150545222f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000005
| MD5 | e6f43d7fd116584692685ec700db4245 |
| SHA1 | f822fb1d06a5261f1399badb25a9f9493df3c360 |
| SHA256 | 550ed00f6ac5b8ec8592d1882854f75edc03bc209c239155cd182e20b4cdac3b |
| SHA512 | 9c2fa2e4b05443b42a2d4ba02bffe66f9f4ddeabb192ef37e3afc32c49d7cbabc38bd2c195d833b3524ee7ead19a13794f4053ad1d959b9a3118be9858ba1201 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000006
| MD5 | 6a7172b3c71d61b024e56a0f5205a12f |
| SHA1 | 9ac232fccb579df93ab8292df1ab6fd18bddf751 |
| SHA256 | 741cfb19950f0f380d1dbe062ba5c0c06402cbd9a9e20d326323a8b051a9fab5 |
| SHA512 | 0d46efb6fb5476b537bc982bae373cb74d39ea6f6cf7bdd239f1ff558f59cef86840fffb1f3c03d0694aa8fac1585d69d15785fe52c6eb72828d004541c6e66c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000007
| MD5 | 5cdec0426eb6ec54578b03331671102c |
| SHA1 | eb1c2e089ba8d367fbb7af4b84e2791fb5e378d7 |
| SHA256 | fa7ebfec6f63fc35f3ab2cb4acf17b51ae9f8436ce59354348abdb2f0b633155 |
| SHA512 | b8cbab449444e57aca9e6198b803cf7eb1dea2c10470b9aea77d7b34ff80a45cebb405a9ef1b645eef252e5536c80b60490a9f0fd05739bbc9c581d7ed6c5609 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2f00c089103b7a7812efa8ac16f65218 |
| SHA1 | d7e6a8ce6d755d28907e099854356005b6469785 |
| SHA256 | 7a5e692d8061aa32c738fbfa58d5b0bcd67132cced9f2bf35eedd4691740aead |
| SHA512 | 9f31228d33923f4767e7e02b491d8594391f6d54ea325989770ecdb05f8251b0b0fe80cf05f48cb9a3101d8a9c3b2dc58a73a7e62ac80e44c8310ac8e30f918f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9b6efe6e52d4604be5745ac8f6a1b7f0 |
| SHA1 | c69e015f415b499c05680ad0f6b2a3a5f6af4a09 |
| SHA256 | 263a624b6aa35a0367899dd037690660ef669a69d4be678aabf627c85042d0f8 |
| SHA512 | 71be75ebe5b9ae3ce29ad7e8e14127729f5b5c48849cfe548a93f76a4bcb1f2ae46a03064b15366c1a0070eafc36927b556e566fbc4f885bd62cf490d04ac59e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f65158cbbca50035bab6974ace63e75e |
| SHA1 | db083e59f518d58025bd3a51cc59989aaaf61706 |
| SHA256 | aae8540dd08226bf4078c6f3379308ae51d6788b60be2fca36aec0875246a482 |
| SHA512 | 0b9833ca77288816c56366a92a2307e7bf881d2a67ee60cca1b4465953f63d1bf7b83c4d874c7e187cec94335b5d0ebb24cf37af4fdab3142539fcc26dfb1adf |
C:\Windows\INF\c_display.PNF
| MD5 | bb5c2218b4fb6eca7bc8330d9c7acbd2 |
| SHA1 | 4c9bc9b82e525c47ae88eaec54ff1b4f96726074 |
| SHA256 | fc3e4b310ecdc66b222137cd42e7df51c0db15478e6f46522a050605c228799a |
| SHA512 | f923daf40c3b1b52b3f5690c4db27c40b0e041cc4f80c38312fdae20ac53998d0b9d1c9d5eb7fce853cbb365badf7af771968909b7e50688838a697eba056161 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 48b85d49a489a27c178046401c22c75b |
| SHA1 | b2f6af79e5dcec2a11c38ede68e445f80d80e4b1 |
| SHA256 | a6913e665224cf3cb6abda0b8d17183d5c324d1cd7a2d749cd1f8054333880fd |
| SHA512 | 27549e617276bd806f21eac016b68b449a18f1babf8b5369dc6c27d363238f1f356df98ad2293088d602d86decc9d461d45b1e6b768f9160023b33d7eb03e33a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
| MD5 | 3d1cc40218778722228b92f7fad02363 |
| SHA1 | 20934ca0f1100aaa8b3a2d64a82aae7820a7c42c |
| SHA256 | e63ac430ccdd90c940cd241543e988440aa6a384da1a61763d82ebad0e4cc582 |
| SHA512 | 6f53b1b93bf9a12b4909fad830343e30f303bc674468a8e62cfc02fc93e6f82ceacb39c149c5096b36554bc9d7b69b2a5a08f059844c66e8b0a0c6f7feee214d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | 846465db95d9ce3ae0d67eb49d23aeaa |
| SHA1 | dfcb833c8e1c4933a0e5c92a8cd91e1cf409bebe |
| SHA256 | cd3bc6b80ccf827b7edac6ea083c68bba1f00f05d67b01cff9f6c9b61469246f |
| SHA512 | 2c2553e9c74c0a4a11a71c1971ddad1c363eaac3f15f29ed608a1beebf5277693608deeee81179c0f74eddf67e0d71725c0fcff70cc055a6236fae93f26345d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
| MD5 | 0a7c15175514002b67e9fabcf61a07aa |
| SHA1 | 036f1c380866f807b53211ea0979ce7329f501a8 |
| SHA256 | 145e70790d0364d6ba9625d2eef600413e16ea2d97a72e59ea71407b2bfa897e |
| SHA512 | acaa1eb95cde478ea451c455ee239d2b6bfafc520f1545eef428eaf1d9e2ce423d80e15a1c70667fbdd08688269a372f44e394b254cae1cbb1272b03320e6a72 |
C:\Windows\INF\dc1-controller.PNF
| MD5 | 771f97f4222a8e67db3ada0f5c96af7a |
| SHA1 | 9f1a32c31eea6fc7d69260501761674e8518d693 |
| SHA256 | 8b56bb0275ac2e6d407cefd16302040531fcfce4523c6b681918daa83923dd12 |
| SHA512 | b22d2327f0c9e4715ad62cad5de72c489530bada6aca7f73a994557a6a1f97e3744d66837cb175b514276b2cc161c764a01c3cb044211922574a62383e2d5ec8 |
C:\Windows\INF\digitalmediadevice.PNF
| MD5 | 809816b7e03df836bc59d1c76c0106c5 |
| SHA1 | b39d1c1db91f352733032d766f5450c6e92858ff |
| SHA256 | 91e85175633e3bbe910e1ccea2fae04cde4d75bd536b23cd4e4df449438265b0 |
| SHA512 | 20a9a109c813ea4d4ef8246814dad50e47ab59cf508c89b502234f0af91f9145ad3c4cd0eb1611d0f0be51745dc0f3daee55d47ce50976f37a98f3cb694313fb |
C:\Windows\INF\c_monitor.PNF
| MD5 | 29f6df5957016e418fbd0f2407e3575e |
| SHA1 | 0ffdc37e214ad11658b1732a8448eab853713b6b |
| SHA256 | 8175f3000d31f9afadbbba3149b647da59b30712668751cd04216bbbbc9897ee |
| SHA512 | e5916dfd44a4456d0f8c7f42b993426c1196059c053a46ac324104edc674944f622b43c7ecb652e1904dd11932d98b87216e7860f5ce193bcd8899162dcbcc8a |
C:\Windows\INF\c_fsphysicalquotamgmt.PNF
| MD5 | b03950c7202906e928bced8484dd2777 |
| SHA1 | 7a64d8d68b5e0e308e463a4fa618db05096651e8 |
| SHA256 | 250447e56fff3c2b1675c5eee8ea7c2d4cdf667058d4c53cc8d2163379f860d4 |
| SHA512 | f9b8a93afc6210b145c89d49895579a1253faba1ab2cfd2476f6b1f6e674deeefd230a9adbc222510fc12a37a1d9f77c85c1d8a890fa992eeb5c4af0eb297a34 |
C:\Windows\INF\xusb22.PNF
| MD5 | 85ff96e96acea3a9ad5723ba90aa2cdb |
| SHA1 | bee57b3abe4b3182284755d206e0565f990e2cbc |
| SHA256 | c7f6aabc0b73f90fe527cbe4cb8bd0047988d471731471808b07a87b61eea13e |
| SHA512 | ca3aa49446693678429e1920224170abbecfc52eface28801acb0de4ee0cfde2f4a7e1f7203f86733b866feefe33c3887847ccfec2077ddb60cabec5c5a21f28 |
C:\Windows\INF\c_fsundelete.PNF
| MD5 | af0a69821c879e1b2fda39e3ccaa25ff |
| SHA1 | 2bd293f7266bb163d04cb892ff29a3c04e26995d |
| SHA256 | 21ea34cceb80420ace7794630ac82ffda7930e1baeec9c2da7ba3fb6430f25a7 |
| SHA512 | aa8cc09608c625c404dc4956718194f3fbebc7175d89f0d484b3406770fc225dffaa562521fd6d894dfba4545491e1144b73b7b6a6cc676d2dcc99dba96bbe58 |
C:\Windows\INF\c_fsopenfilebackup.PNF
| MD5 | 49d2854a79baa40c69b5c0d0f2cbcb3c |
| SHA1 | 294e79cfdd29e4c864f500f7d14041c391afa671 |
| SHA256 | acc479f94a52ae51b6c7a6c919e5e1c6a7dcbaf88ce0e768b0e526f1f87c22cc |
| SHA512 | 81c7c1d248d1fd4cbee4fbf7b0f516c1f9249d4ac91231d727c27b2eea24f3b48a2e0c28fb0e496fa976ffb8b1e61a2fd5b54f4883c494ea15dec4378c7d165a |
C:\Windows\INF\c_fsvirtualization.PNF
| MD5 | c1e850d8f2baa3c6943d6042db6dee7a |
| SHA1 | bfccafaeeb44da789b9c2dc1a53d7081b4f735cf |
| SHA256 | 7ccb9efd738a97dbab566e83ada5d7253a6222e8cb32436bc002d7fed06810b4 |
| SHA512 | 01f68721797672668e86d90493ef3274561e9829e4135e391fbd7808f9c2c2f8f27a21781b5ed8e98a0fbcb1cec9f589d38310fd4daff39fb84678a418e1b61f |
C:\Windows\INF\c_fscompression.PNF
| MD5 | bf1c3f17c1d941d5e8311d9406b5b38b |
| SHA1 | b9ebd85d29d1db10d1311c3670599dbf676d000c |
| SHA256 | 441c0f8a6e57d6f1b0d16cbc70bc641d08b2cc84dd2597595ede037c0a91f203 |
| SHA512 | 6ce65aa8e9bcc2c3dba560faad0cdbe4075e4b753586ac29eb3c64649e8f8cbdd58d6fa0ddea2918456a98bc5ed67f7d5f8571e7457b9ecffdadfba728f118b7 |
C:\Windows\INF\c_firmware.PNF
| MD5 | 911ee08a103051ac9a0c3815424601b1 |
| SHA1 | b84efee77f3f3c13dece8cd4eaa709b8b9134174 |
| SHA256 | fd1e7f0c335ba0fc0c96153cbdbba854118f7cca3174ca154d5a48ba047252d4 |
| SHA512 | ab7d56de857f92953b53b12658b761a365d7418848c37501dff12c0280461be41e55a9dfd0bccb36c260c4f8cd2fc8b8d70b4ec3c2c73d551ba7aebdb1c59831 |
C:\Windows\INF\c_computeaccelerator.PNF
| MD5 | 973e595cba93661a5edf66401697be71 |
| SHA1 | 59c48b655fd2314094fd5c09fcf9e46a94821c3a |
| SHA256 | a434961a3fc17e971a029c8c0d8f19777871c83b77b9137ed7daa10ea8a72b32 |
| SHA512 | e08707a732832e7713721c7fb4487d7c1f75eb6a340c62c7904ada3afbf72e2597ba2b23b5bc9dd2744cb93816271964322f69081c590a4f4cc48fb519749a45 |
C:\Windows\INF\c_ucm.PNF
| MD5 | 011094e73efa8989376cc0e27df526ac |
| SHA1 | 571e88602c63b465461c7cd333a6ae2f039ab249 |
| SHA256 | 7b641ad7a1bab6bb06b65dd10756c0468a15e0b57604a5a53341d48f346eede9 |
| SHA512 | 53ca3489840b880ad9d8d2814d37f7e5dc3c78e96c7c1156265d89747f83b0bd37498b85b46226ad670dd3b63b7f005c6cdef846ed79bdb10345e969fa32ae55 |
C:\Windows\INF\c_fsinfrastructure.PNF
| MD5 | 723426dd71662af4097be90cb53e8828 |
| SHA1 | d1d56878592460116615859d181c14a6e1b90892 |
| SHA256 | 6125670b13610e5c6bdeafba3abe2259e393ffde70c41326a75ea7d72c61b3aa |
| SHA512 | be6b36ced201d6363fec2f6a4d026c596f35bedad05f10fbc900f93c66278a5373197aab3be92a581e44026e2797775c4c7cff286ebadbcb73d2be7c42cf0fbe |
C:\Windows\INF\c_extension.PNF
| MD5 | b5e13e9d76626631da8f637c78186bc6 |
| SHA1 | c69cd8e96bf5d8d2f434783a13355c8b949cb974 |
| SHA256 | 179adec22ae16e8b7f72f9dd1b6621fd0745f76cf914d9fc12593e73d10bd831 |
| SHA512 | 4410f50f8d42ca023d68fdc08b03a00a70bf8a87c558fbd6c09886ac9d3410d9a344db0cee182335f5f430b8ee85cdaddbe533f7a8c2627a1b025a7d737be6d9 |
C:\Windows\INF\c_holographic.PNF
| MD5 | 81be210d7d7cd21e90d95d755cc3395f |
| SHA1 | ea1d40880453c8abf7a7a497df8e709efd91eb49 |
| SHA256 | 3e1c9e34e096d496dcbad8ca63620eb31ea5970650a260f74293d051873bcb93 |
| SHA512 | 272eb592eb9f05b36fe234cfefb724185b61cc4645e61a5bb17923831787fff3ae00c1346c75cddbde91f0f3397140e955edca91b4bcdccf7395f4a64848ae16 |
C:\Windows\INF\c_fshsm.PNF
| MD5 | 402cef30030ba80a9ef3042eba01e5a8 |
| SHA1 | a4dd21eae58929685a8d1a2b286308f3669c2ae3 |
| SHA256 | 17cde021fa96dda6c3857f138504ba90788d9c044a0e5751ac4d6b25c46a148c |
| SHA512 | 2970b67775de1c13d5c2de951fb2b1404796b5efbe03888a7ba901321256392d657f3bb3f6474246bce960deb96ed1d57184d738aed933c37e7ae64d1c63c72c |
C:\Windows\INF\miradisp.PNF
| MD5 | a29c26407bbcd347209ef1b6ee0da34f |
| SHA1 | e1f4ce5ff4619a4414aa1e0ed3ac520a83919584 |
| SHA256 | 519c5d140e5fa8aae6506e14dce399e1e7d44798989227962ef51733cca03227 |
| SHA512 | 1760e5112b9e4723d51be0f07986649b3b524ec3a994b3035b6239850c449279cbbef40533dab1cc08c1bae3ec5957148ce6f66504d0c9cfd52109ef09cb53d7 |
C:\Windows\INF\c_fssecurityenhancer.PNF
| MD5 | 98a74de4c3db8586d3962dae5b832b42 |
| SHA1 | 74c132da4f92c904f4fd3c6e2bfeb61cbe68bb51 |
| SHA256 | 142ae41ac2a475b819cd8f998b829a7766aefd0e81a191e3a3f1611db1e32f03 |
| SHA512 | 3df5d1a5afec7743c82d8facbdfe2d3e29efdc2bbd1b0a2b59571c845aba3661fcbbc3ff7138cb418268229e87cdb3faa675aab8395c84ec1c2e8bae110fdd15 |
C:\Windows\INF\c_fscfsmetadataserver.PNF
| MD5 | cc316a005167b7a7b9acd1e1d24d5153 |
| SHA1 | daa6b910ea852257d8098fd1611760a8b30a3634 |
| SHA256 | 10dddb5334d5da9bf1088bdd461b9ed42810da1d7afada078c7a1ffa112a5a27 |
| SHA512 | 459ba0ea0f1153ccf313408c162ead62b502468a9f4d29a6306c30e343bf0a8eba41e7441ee73401e4c06dba44cb18e4f007f7e07bce46692a8d53390241853e |
C:\Windows\INF\c_camera.PNF
| MD5 | 55c37531cb8d70055e8fa5e74dabf42a |
| SHA1 | fb46341f146c582e63db0e26d2a5da006d6f3424 |
| SHA256 | 70df4413fa77f63e7783e51b9c90a9f7293ebeaa236be194f788800650f2206b |
| SHA512 | 814bca88ab2a8ce33feb288bd8110e7e0698373c7f3c171d9960167f4bed209005d36cf46e7f0c3860a22f86b1fbececb3c83492d34d4b38db418ce429fa14ae |
C:\Windows\INF\c_receiptprinter.PNF
| MD5 | 77e013b2731d2431231383ad3b1fd5ea |
| SHA1 | 162064c8a17ae83dc366f65f21aa32ca1de2a26d |
| SHA256 | 74c1bcc8cb61dc04dc61c99e1332d5de3b4bc4df201729569d6b83caf9d0c263 |
| SHA512 | 49c46b6bceb0b20f4ac594d541199fc9ad333eb776c6a4799ab5fbadeda29979d6aa890359b92556d4fbe4ad7ec3fd53f1f4b6da06b40f071950186e675dbcd4 |
C:\Windows\INF\wsdprint.PNF
| MD5 | 1671a9ea5066b2b30ad0b59fbcd67992 |
| SHA1 | eb44dfe3216ded035bdc4b891a06763e2a0584ca |
| SHA256 | 2e4a7afab81f605c4b994bb71ddab299e7f1f7ce96140fb930110c3aa5d1167d |
| SHA512 | 610c718048e2243f6a46bb02f9921fdf0bff26306cd58114002ca7269b68db27ed37e5c7be45e62dd328dae24f634496d78a08263d708f27868536a98a4d4b38 |
C:\Windows\INF\c_barcodescanner.PNF
| MD5 | 4705549566d5f15cccae4d54209a4eed |
| SHA1 | ad3986036ebf800fe196e0ee2a8ec609b57d1f34 |
| SHA256 | 0c8dda91d03dbc25376b19a14de363158bf6790b0f99638dabba9e5ba26f808c |
| SHA512 | 49ecc489bb6ffa4f370011af3f21e6b553bd9b282820165c22148d22631e941827773b0e6b1f8c568334b6b10c40cf204b85d120721f87611ea1a650edc1ebca |
C:\Windows\INF\c_fsactivitymonitor.PNF
| MD5 | a3a9b712f940de4e926d0e4ccf405dfb |
| SHA1 | 414f8852997cd8b4e6aef89116575f2144aa2908 |
| SHA256 | 14b47248b7ecfe5ab120d45dbf04b3c04db263b9cbcef687b61928f952db3442 |
| SHA512 | d1d1561b1080752f3088f0dcc7f87038eb7e1ed8c4f9a8dd4993706b696c7df10b0fe540a48ebe65bec6643687464adf683ecfea6ba14805a44712a131d7b506 |
C:\Windows\INF\rdcameradriver.PNF
| MD5 | e7765e0da327d6d21ff63aded8e09809 |
| SHA1 | 7bb3a9bae244f7630075332fd230ed15dad184c4 |
| SHA256 | 4a8063f0e82e46295e7d955e29902f97cf8806892bc6387cfcde2402b3067ca6 |
| SHA512 | a9b0348dee15b196a46519962c8fa3b15aca80a3381395dcbbc19199023daa9376486a3598ff1a0b9e7325e12d9af13102b195d39a785880e945cb5e65a9ab7e |
C:\Windows\INF\c_fsantivirus.PNF
| MD5 | b93d641489836820549a799c8e0adeb4 |
| SHA1 | cb8c8a23ec4af9db35ee5a8b7ba05dc45a88c407 |
| SHA256 | d26f373639b2492bb19b1fe49cb4a15468fa82d33a5edee783085ea930ea548f |
| SHA512 | 50971c7eeb11d71c709d973d02095195d402a9ab841d209b7768915799b0efea44149c2295271d370e8ece6bb7e61f2a710743f235d3dac2c01b504bea8b22d3 |
C:\Windows\INF\c_fsencryption.PNF
| MD5 | b6d4bc452fd6a18e6c8740e3af413ba2 |
| SHA1 | d2942c6360207ccdd3fd9321ed4a00a2c108c16a |
| SHA256 | f4fa61365921ec8e825062c0d43230aed1cf1e6b0d1c7b4037b300658ae967a9 |
| SHA512 | be7298742dff91648e8df9cf9fe5b6a91af570f2c7dbac8711cf612b1c30b2941ffbe06e8d9f75e6da08daa956afd26e3c99003a1495deea54a711ec19b06d12 |
C:\Windows\INF\rawsilo.PNF
| MD5 | 7dda8349d792874973914b6402fb6d3c |
| SHA1 | c28ecf26eb4b21dbeb6ffcad8535c0804c41b0e4 |
| SHA256 | 9676f340750cac105df46f894750ef8b1fb634217811da49858c5c82846f7e28 |
| SHA512 | 57e7548ebb734ec8a6b2935059052971965caff9972eb57cf543f08ed0ee4d69de14806445b3ce0dc45f884f5b7ae7decc2d49fde5d8ee8076ffcf429ae3c1e2 |
C:\Windows\INF\ts_generic.PNF
| MD5 | 7ec7892ac4a62ad2548387f11f5a8917 |
| SHA1 | 75b606edea0cb4964ddc2d28b7706d437ef8abb3 |
| SHA256 | 8854966db0db843129614acff3ff81c06cecaca079833b83a7f4f5a0e7592db0 |
| SHA512 | cb2478853de7b2784b62043e37f8515ac1c0777ee2c336ed1c81e6f8d444c8b16a9e6b3ccdec80117c46b3971a0848a860bd7492970f2bac4799443b8fc211e4 |
C:\Windows\INF\c_netdriver.PNF
| MD5 | 5c27ad0bcfdb97c82023615170e6fdbf |
| SHA1 | bde09afbe5ec6218a0463789a88b54e35964dc62 |
| SHA256 | 7ae12586e00113234cdb39741ada6312dc5abc5e8fdbdaab73464dab4f296d7c |
| SHA512 | 2689730c5c0e2bdb8b5fb4e5fcf50c53c7f0dbcfb681fd7e8969a2c9578bdafb7514cff2aa9a952e658a2a386a53870e0619ec03f39aa483c3c968a1104b6ec4 |
C:\Windows\INF\c_fsquotamgmt.PNF
| MD5 | 3f89a0dd90abf143239cb4e87f197a25 |
| SHA1 | 2f76223b8c2b82cf591b85ba2da86fd0136ee25f |
| SHA256 | fb2ee1308ec24b3df1288469d1d348c5282c45fee47ac1c22a49b3bfab9df924 |
| SHA512 | db214e2b8a896e9dd67006e4bfba24ef005105beddf0939ff263fd78411940810fea264aa24ef2c5fd6f00c09eff98fb4fdcbbb8f9675faa0363094b87c53bce |
C:\Windows\INF\c_cashdrawer.PNF
| MD5 | 8210253c127ede2cfca6d6af865840e2 |
| SHA1 | 0191aa53ab958cb798d19d7263120c618e530842 |
| SHA256 | 33f9b32cf7af8b738c17ac973fd14c531e16cef06fb432d2bd99f7dcc44b3e05 |
| SHA512 | 520341c2e2e00f5437f570ea2ea390536372cb7a0a8b97d93d0686ab625fef04fb60a5fda90f1ce841622ae270eac0ea01011251cb94baa6970d51d2439b69ed |
C:\Windows\INF\c_fscontinuousbackup.PNF
| MD5 | 84f9a2f0aac1bcdedac267dabaec69c6 |
| SHA1 | 5089876525aeaa99b198edc4f4d54eaf1d6ca108 |
| SHA256 | adee1e8a3d9f06faa8336a7e5a4718e23cc2b3afcb88d2d8e0cdbd4f41a7418f |
| SHA512 | 2cd605402ea80534fbeb4ac17ff943a3f9b263c5a5fac80f4d0fca4aa579ab8f541eb3f2db5f811293db0233cae990385b7deda4d7cd45076c880a03f7b8fdb7 |
C:\Windows\INF\c_volume.PNF
| MD5 | 556ce96ae35a7473106caedd5bcc406f |
| SHA1 | 97204f7efc016a0146a5947829154e4087bd5f6c |
| SHA256 | 727a44c3c690ca8e5a2f75a4fa5be134313e6f860416ff4a05e97c2420cd6187 |
| SHA512 | cf9ba4a767ce9e7f7584b6f36f4365769b5a633d45d8726250de43e0e85272d79a4844338efdaf6530235aebadf63029777050690ea3028bcb53b417b5af8072 |
C:\Windows\INF\PerceptionSimulationSixDof.PNF
| MD5 | c55acb42b7798d1cd4f866a4aa551a28 |
| SHA1 | 8cfa3fecc102a4c0d6df5d97920a8e3d3822905e |
| SHA256 | ff6b9b87675aaf2f05d50cc6143f170832213c37a4cac8805eccb78f6ace1c5d |
| SHA512 | 3af4e35e580e523a960ba69fd8cdb7c55607b237864cc7b0e8929e5f7776f4c7ecde0ec1f0c3de7281157dc4e49e044ff6979d31201a12f84f220a23bb18b716 |
C:\Windows\INF\c_fssystem.PNF
| MD5 | 7cf549713514f246a1763b98e7ee2b3e |
| SHA1 | 92c2b23c7761f029ab2651dcde0e5486b542d6a0 |
| SHA256 | e93eb833bc91e4b9df971273c012e13f2fc61cda160f13b9e1fb639926f478de |
| SHA512 | 997d388d3ea8deae432b96c7b8e54caae3072710cda216df6386bc73b4bfc1f32aede991bd5a4269ccb1ec790a4b1b10bad063998b30c9dd4d14e460f44ddcf7 |
C:\Windows\INF\c_swcomponent.PNF
| MD5 | b097dc99f5d4e4924505d26aad418060 |
| SHA1 | 56c03dcfd0de0e0248c9087d278736e1c047ee98 |
| SHA256 | f46763a9b7072706927e582e3cbae297627738a5031d03b60dfa860888aa6712 |
| SHA512 | 436d54a5912128459972bcb5cefae0fa9e878f8c0b142df76a4fa7060f2f08f5bc4fcffdee437c355f52450c1354c7128be72d1e32a7bb012aec02b7394cdcfb |
C:\Windows\INF\oposdrv.PNF
| MD5 | 7768b9b4e49eafd3c7d29b2a9becd26e |
| SHA1 | 3722573da580d9c27d16b6d04b8b46b30efbaedb |
| SHA256 | 24cd85b5852511cf80f1bb1631a94d59faf1849dd66b67aa90b44e42c9a416c8 |
| SHA512 | fbeaf605529c1294811e3b03524f63c8564bef7b8cedf00d649e84de451128ab06115f79610419842420df62902c4441713564eb12fb65014eefb98e60210311 |
C:\Windows\INF\c_apo.PNF
| MD5 | 035218fa18fdb085bee4bfd5352c162c |
| SHA1 | 0f93b85ca2561e42ea571aac11536be7e05bac2c |
| SHA256 | 29d052de69fdb9cb212b7165a778926e6aa35657dceff9645112d6dd53453617 |
| SHA512 | 3cf3d6b20651dc96fa8031796a913d8d867668101869b4e0803ba614a780bed355689036151db862afbe617eab6684782877b1617fa4c077afd2df3b7e245df7 |
C:\Windows\INF\c_proximity.PNF
| MD5 | c5873ff8d892a41c6690fe41197e6b43 |
| SHA1 | c0b372d928c90291624e10b8eef739cb63b74445 |
| SHA256 | 4eb14714b8b70a1ad55ed1eb7e59370fc27203d40df5dc27cebdd46e0f5fc6b2 |
| SHA512 | d4af7cac6d35272721447ee89cb2fbba912da855246fbc00fdb6a88936df10a63c734bff4ee4a779be84b2b44fa32d2c944f5843de315a866f973f784ad40bfa |
C:\Windows\INF\c_scmvolume.PNF
| MD5 | 946e35ab7a9d8cf86d5c6cb83dd8636a |
| SHA1 | 3455614b00b7de00a3c3d5c2bdb87cbc8c5ebb04 |
| SHA256 | 4f57bfc496d88106f21875c2304e3a8854cfd02fb93ae106828fc420c5303580 |
| SHA512 | c727e7014545520c8a8d4d08662d6cdde8e88fec7dbf5c3a282331f9654c96a5ff67c2cd37eb0a73f6702c077206d02355470a7b8fe157bf192083ec3a7b1a58 |
C:\Windows\INF\c_smrvolume.PNF
| MD5 | 42faf9433a10d0dd7c12d104a28bcf84 |
| SHA1 | 65652cde1f6921ef459e64f9cc2b5652b9037ed8 |
| SHA256 | 2f215928a4aecb224b4e0ab5894e20b306a7124654be74076408c796f8e13fa4 |
| SHA512 | aec00fb75aa1dd4afd3423d8ae1178b7a7c33c930c39cf8de828a4d1fbc9d1e3c25c8dcdc50d8001867b58de364de2c94f53affea4682bfae471ce3fa2f1be11 |
C:\Windows\INF\c_fscopyprotection.PNF
| MD5 | 394748e30ed2293ab8848f7590f13d27 |
| SHA1 | 377bf53bc971ed3dcb7565788463ba3f13ee87f7 |
| SHA256 | c7b8af67c4834563713eea646af508d357e4bef96269cb144b268f6161fb5533 |
| SHA512 | 5d3085a0d5c5e1a3a8e9b6d7801bfe2d506d481218a44fb8e73bc800e89552ed4dc028f7a81b68a4318900976a8a4907766224d0ed80847cba29c3c8159dc32b |
C:\Windows\INF\c_smrdisk.PNF
| MD5 | 158e51bc766488af1c34b13fd9dad8ff |
| SHA1 | 585bf24690b485b288696e915cfb917422502f8f |
| SHA256 | 7c1dd73ade222f33ce88645459e3a0296ecbc048b84425c8d68d360537a329bd |
| SHA512 | 8cedf3dce0aa3cc0c4391f8e65d47b5416cb9049137bc396ac0bc15b4e1e6a69d9b0a65972582bcb3374ea234d8660873b69b969b44650e2c9f3e95ba6611eea |
C:\Windows\INF\c_processor.PNF
| MD5 | 931d5b9c73165ea68841f4e5f15cf6d6 |
| SHA1 | 655e941a30174f169f1bd58dc8eb40a2f74fe024 |
| SHA256 | 65263e150d08ebc6b38423a007aabba76b4c8d476941b78633b1f256b16c7b0d |
| SHA512 | 37947ec53418f7e3383a1c395e734b2305910783b01b97fe126cf149ec0fbbdbc4ae63cd56a5cd8edf14e38cb2dfdcd8dc63cb896fe8965e72b442787742ab85 |
C:\Windows\INF\c_linedisplay.PNF
| MD5 | e1c7f2f39f5d72f8a9bf176c988e7acd |
| SHA1 | adbb86fbf82f4d0676e11949ee65e25df2a63131 |
| SHA256 | ccf334064e49d49a444c6534f182a1ea08087dfc42d6c3241cfe3bfaca5109a0 |
| SHA512 | ac13d949ffac013f6cbb5dffb7716c4260cc8c1532750fe87d162d5f137f40fd4bf41372ca0985f3bcc211404119d5643535ee388891e8ef5653e8b8523de462 |
C:\Windows\INF\c_media.PNF
| MD5 | d6f787534eea52824abfef940379b071 |
| SHA1 | b200fb5e314de41c743ac84fc973584dee668946 |
| SHA256 | feedfdacbcff878dd0f877736f880b045941e25cd3c4013357d4e2a293a1e7d8 |
| SHA512 | 7ba2d3f0858a5aea61486ba8eb96fed621384258b5055e97a314d9cde71081545d881059d9bcd5bce4f5cb2d7cc341090d2cc419cac44302708b8bef17e4beca |
C:\Windows\INF\c_fsreplication.PNF
| MD5 | 157aa90a35bd8b7b0d87d95761238050 |
| SHA1 | 38d47e599f548833e6b57a8e1b6e561d16ff76bf |
| SHA256 | 60bcdb442f488ea28e6e46549ebcb0f0bb8ed8993dcbae52796985dd71e0226f |
| SHA512 | f63dfbb728180ffd170adbb4fcebd90e6c74bce2c97883f0f96b9c8bae6ad93c232fffdaee63c5fc283f65a8746631887e3fa83880bf085bdd2f8069e63a666f |
C:\Windows\INF\c_mcx.PNF
| MD5 | 1b909c8deb042ba17243934d48b3ee41 |
| SHA1 | 928e854f9097ac311fc5ce458fd6909d812f7d96 |
| SHA256 | 20781e9cd4f11ab6dcc3cfd6df92e0c70f55ff043165f1681bea6e48e45eda03 |
| SHA512 | 088c1db3e9b55fbb46cdfa4ff18040deb5c1a1347b7f6366b8bbcbf6a1d42ec74aa9e167fb021210ddd613a55c8fc223d99ce2f39974dab1eb301d4f3d1ede9f |
C:\Windows\INF\c_fscontentscreener.PNF
| MD5 | ae30cd132bafbddc34e2c241fa89cf78 |
| SHA1 | e4a77358961d2f98cde0b1f3ed08e34c41763a1b |
| SHA256 | 1a3f5c7dd11a67e640948cf3f5eb6ca1baaa94bbb458b29f06bf99ccd96aacac |
| SHA512 | 9fa0fffb70b02577335f9c1428dce46811ebb2feb3fca9291cb3746595a4690d9e1a70ffbd943d54726425f2d30e5337c5f88ced773c1366491eb9e61567ad04 |
C:\Windows\INF\c_fssystemrecovery.PNF
| MD5 | 1c20b551c8177c64891f1c20f38141ca |
| SHA1 | 5698b6c521d66a0c19ef1400bd05797f2d0dbdeb |
| SHA256 | 9e7a415f05f5ef98ed2afc3cb9b3af80970bdb80b00abaed19c89c6d4a2f3df9 |
| SHA512 | 401c6e105ca2571202a1f2c4e7cd6e9b0e86db8122d45fde55ef3f84ef515938f516854fe5f665fd4934b4e39a61fd7700d65da6d95f3f1f54d0dade235ec3f5 |
C:\Windows\INF\c_magneticstripereader.PNF
| MD5 | b19015e21e1bc2886b0b674d2f450bd1 |
| SHA1 | 540de50a0d3b98b6abbc084178ba05e4704321be |
| SHA256 | a1bc54e853d96acf8279a0a7f98de870e6d217d281b1119aad865816659b1eff |
| SHA512 | cfe69151364ff1227b2eae37420ae70f34760150ca78b2e5dad9a83cd0538f6e1ce2798b4f31ee6fd9b9e17e020d738c7ec3805796e8d40bad1cbaa3914350b6 |
C:\Windows\INF\c_sslaccel.PNF
| MD5 | a5b60198ed9c83074babfa86f60c1e4b |
| SHA1 | 2f3e922d885fec14b965d9138ec90a1571125e8a |
| SHA256 | 024d245e7af8409c38f53bd91cf4ede6c11dad6a192a27351ce027db7fdcbb03 |
| SHA512 | 47571c1995d026e90114bea355d67842e8e77ab003e906f7f5b247c1fe50743609165b944368f7b92759082c78f5b0ef020023c45bb712ede8e408979a7bbd00 |
C:\Windows\INF\remoteposdrv.PNF
| MD5 | fb460e244cd9cac078994034581fdc7d |
| SHA1 | 9d307b16699befabd5e8f439247d5a33cfbadd0a |
| SHA256 | 52dd7ece992c377a357655a3f405280f13133fb6b82bc4deff63fee36b96d552 |
| SHA512 | a8a6ded6f621cc2c8dbb87008fec27590be5c71c902927474ec3152925b4612d4f490636cf9f1c064510d3debe9e331254d47941e53a305845fca6ee358f0263 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c4a216518268b902a5a03d359a1f702f |
| SHA1 | 5ce9de8201ff726cb3f78286029f26ed379de099 |
| SHA256 | 43b8461389aa5fd021c84be186d3e99cbe3ad6d33dfbf670c0a507934af41570 |
| SHA512 | 14bbf0ac000d18bcf2facec3c455e13cf1775dd72c1b256cd26df560ef58de5df1059b73901a2c51de7a09cb0dac16958ce7a9c3cef9d528d1c7ace477a46213 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3eb5bc32-99e1-42ac-a51e-44ba93e2511a.tmp
| MD5 | 4101d2c75687e3e8514e4cc9534c66ec |
| SHA1 | 920351771355d095e9cd915718e7d97d0412994e |
| SHA256 | f9bde821ea88e8b278fad1fdd9ad2696146329fbb3b8f2285e872a4bf4697a3f |
| SHA512 | 51f1f948dc8e9f8f632a940cb7894c544b47c7468b2d875329b4aa9d9c40b0fb1d8fa204c1116e16626f724f58743fdbe6a2e917ed32079f6cf92ede0d59bd7c |
C:\Windows\System32\wbem\Performance\WmiApRpl.h
| MD5 | b133a676d139032a27de3d9619e70091 |
| SHA1 | 1248aa89938a13640252a79113930ede2f26f1fa |
| SHA256 | ae2b6236d3eeb4822835714ae9444e5dcd21bc60f7a909f2962c43bc743c7b15 |
| SHA512 | c6b99e13d854ce7a6874497473614ee4bd81c490802783db1349ab851cd80d1dc06df8c1f6e434aba873a5bbf6125cc64104709064e19a9dc1c66dcde3f898f5 |
C:\Windows\System32\wbem\Performance\WmiApRpl.ini
| MD5 | ffdeea82ba4a5a65585103dd2a922dfe |
| SHA1 | 094c3794503245cc7dfa9e222d3504f449a5400b |
| SHA256 | c20b11dff802aa472265f4e9f330244ec4aca81b0009f6efcb2cf8a36086f390 |
| SHA512 | 7570527fdae4818f0fc780f9f141ab6a2d313cc6b3fdb1f7d7ff05d994ad77d3f8d168b1d77c2555d25dc487d24c18f2cc0eab505d1dd758d709f2576aac1a8a |
C:\Windows\System32\perfc011.dat
| MD5 | eef14d868d4e0c2354c345abc4902445 |
| SHA1 | 173c39e29dbe6dfd5044f5f788fa4e7618d68d4d |
| SHA256 | 9f32176066529c5699d45728fcad1bccce41d19dded4649b49cb24f7eef9ce7f |
| SHA512 | c926f13a0fc900dd7d740e2d7d33cdd1902ece0bfb44b6e1f5fed6ffd348c3e7d71089fb9792e38799e8df6573bc09e67bbe132cf9c2ae0a7199534dc5d959ee |
C:\Windows\System32\perfc007.dat
| MD5 | 1bd26a75846ce780d72b93caffac89f6 |
| SHA1 | ff89b7c5e8c46c6c2e52383849bbf008bd91d66e |
| SHA256 | 55b47d0f965800c179a78314b6489d02788a44fa2ce00f68b2d860440216927a |
| SHA512 | 4f5e14637e9e89700f1ee2d0e575d26d4f3d164d859487f1471bf4410dec6d0d7dbf552c6f791c12388be035c6b974610cda8882c6394438e2220b79e4d74e9e |
C:\Windows\System32\perfh007.dat
| MD5 | 82d7f8765db25b313ecf436572dbe840 |
| SHA1 | da9ed48d5386a1133f878b3e00988cbf4cdebab8 |
| SHA256 | 3053aa67e9cb37cd6f9645ef3bec8d43b1863afd852d3860ea73fcd83c7010c3 |
| SHA512 | 59766b408b548dc020b54c79a426b361112c33c7263c16ca2e69485dadca05fb4c63b6433063e77c6a9e28a43ec6d3c8206ea702a33b79151fa6309d83b316a8 |
C:\Windows\System32\perfh009.dat
| MD5 | 407f4fed9a4510646f33a2869a184de8 |
| SHA1 | e2e622f36b28057bbfbaee754ab6abac2de04778 |
| SHA256 | 64a9d789cc9e0155153067c4354e1fc8baf3aa319fa870a2047482450811f615 |
| SHA512 | 1d420ea7ac787df81bbc1534e8fac89227f54fffff70c08c6d2da385762e6c5766448ab4a47aae1c5cbc671776522b6fb6d9c27870b505ae101462bce912867e |
C:\Windows\System32\perfh00A.dat
| MD5 | 4e62108a0d4a00aa39624f4f941d2595 |
| SHA1 | 7fbff1d3ac293c715a303ac37da0ceb12591028b |
| SHA256 | 3df3adaa8bd1ec4dd99bf304c7a1b0d513097fbeb8648efad4b127c5522c3263 |
| SHA512 | c79a483e4012d8c97f4a2188fdc27ea04bae24993b12487551872f1413a1a0884197dc71d13ba1dfd32c9b2c93089761f6f3ec37f0bb19e209dbf19283462126 |
C:\Windows\System32\perfc00A.dat
| MD5 | 6d4b430c2abf0ec4ca1909e6e2f097db |
| SHA1 | 97c330923a6380fe8ea8e440ce2c568594d3fff7 |
| SHA256 | 44f8db37f14c399ea27550fa89787add9bfd916ffb0056c37f5908b2bac7723e |
| SHA512 | cf28046fb6ab040d0527d7c89870983c02a110e9fe0ecf276395f080a3bd5745b920a79b3ce3bb820d7a5a878c0d13c37f67f4b5097245c5b93ca1111c1e830b |
C:\Windows\System32\perfh00C.dat
| MD5 | b87c7ea0e738fc61eb32a94fbd6c6775 |
| SHA1 | 0e730aa70900f623205b93cb1d6e11be4c0d51b5 |
| SHA256 | 6cd8b09f644b22c39e02af26b57580baa0fbed01b682d158b29c676d17dac5c0 |
| SHA512 | 4bad64af992b17a5700cf25ccfa299b2db5be846b8bc28233fa6987964994a34694eb53329ede8d04092298e4b16f06563e459692c210111e0420ee34468f23d |
C:\Windows\System32\perfc00C.dat
| MD5 | 6adbb878124fcd6561655718f12bff5f |
| SHA1 | 1711619dda04178fb47eea6658da6ad52f6cf660 |
| SHA256 | 0b16ac631d596f85f0062dbe5da238c0745bd4c033207cba2508465c7c7983cf |
| SHA512 | 88ec8b3c4670970900ef8fdaf0865e24a5bbc9c0ca375eb6ce12e8d8a3ec08c8a45dfc8ae3c7f4ff1974d5e4b53e0905c5dffadb852e730eb8097a22cd750006 |
C:\Windows\System32\perfh010.dat
| MD5 | 2b41db88b556a31593911ade702a8306 |
| SHA1 | 9820c8ffef6b27fad15badab22408eaf52d58300 |
| SHA256 | 61a5192c872e646050ee10eaef95bbc313fb7ae639b43c1ed3d2040f50cc1186 |
| SHA512 | 0b0c6b8cae683aa645ea2e0285209ac6d82624bfdacdb4e0b92d8118c30fa2fa6def665150b548e4adbee399074f73a961217e6065b05e65919c198efeb424f6 |
C:\Windows\System32\perfc010.dat
| MD5 | c0a264734479700068f6e00ef4fd4aa7 |
| SHA1 | 4e1a8c6a53ea9b54eb76f12d99b1327137a47ebd |
| SHA256 | 71c5a18d082651484ae96e93f127bac9ac217513976b7e98eeb2b879d643b735 |
| SHA512 | 85ff44333fc4d47b02cdbc8c665c0bace22a19961e40419227976333ec1384ef8779232d241a9e3b54d988117b84c436f695f0be80dd109ede60fed919ee5fca |
C:\Windows\System32\perfh011.dat
| MD5 | 7f2b576ab40800aa5f1e3c163176c1c7 |
| SHA1 | 7c24fd2342498e1095f58d264078988323834e20 |
| SHA256 | f98dfd85751e15486b725d4f36f7ef3fa0d72b76dd48401ce93e68b19e486e60 |
| SHA512 | 6780454b0ca385ae18baae45ca37103aa69352ce5dcf1f16debe6a49923a4137e4e1471439853ca8a965c12a9a5498b5f634119a1d9daaf5301e43663da7db94 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 531416841a11c62d06e71e8732de0699 |
| SHA1 | da0ee45e9fee9b3199eaaae341fb984aaf0e0dd3 |
| SHA256 | ba242a976ea78e0c322e596c48cec04272d65f1d95434d7f1ad407ad9c760b99 |
| SHA512 | 5fd5ea838d20b2ba98e9ee0ee7ebd6393fffe91848118260804e30cd3bd1324b7507a22aa01ddfa47914e4995663bb1daee947a9243e9428551af296c8fefb47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a13467318e6b6a56b7aae1d79bcae051 |
| SHA1 | 77aee22106972b6a1637dcf3bc60ee8ef8891398 |
| SHA256 | 4b1b54bc4b13d740707739af6e0ca992cc771b387e73569a5deff7c5604552db |
| SHA512 | 79f5864ec6a876ae407420ea892edbcc78981151ce7ee3ea2b248d01d5199f14fa0dc06792488f2df2bed02e676b5f8046f3993cd16c92dd1ecf6dcb8f707c8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4d56076e8c84b0fe091987d473e40d22 |
| SHA1 | 3726a0f4b24a4f0bd9ffee3ebfe35648a5dc7581 |
| SHA256 | 7b4c3a12b2795aad26789396325e6261d05ff6ea864f3ce7757d399b3c6f6fa9 |
| SHA512 | b44fb77b104f454e0714a007b4944e91d052504bb4f005f20a006a1397836935d0099c3ffbdc2c2715bc776272efecc79270988ada171a3ac13fa9e31565836b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 861ccd430b55f88b30bc956e27a9c516 |
| SHA1 | 81d95ab1b8b31b6cecd57c17b83a16187adbae56 |
| SHA256 | d8afe1bea6ce130d136d89584f4087e6c8d2f03286a57e5cd3f81f9e228cf8ad |
| SHA512 | b92422565724dbc7ecdf30e83e6927a0399af28170443379f0ac970b50cd835748ac4d0ff602d35366f10112b841fabe7e3af16a444b2cd70d656a8d93b29922 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8468179f3ae3e979d00c908292a730e4 |
| SHA1 | 1a97b7c975b4745f220a0d9ce854dd0a12e93b16 |
| SHA256 | 6af5833aff07689602bbf81bed94bb8a032ec6cf93164540d036597c71608e85 |
| SHA512 | d0da8fdcae381d476a41011c8310a122cc63195c2ec215a92316cd2548b84fdc5566e0ae1533758120d6b01d66039402d061309a9e245731c1598107a693b484 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c48b5d5abcf8215b44d9ba3997f69aae |
| SHA1 | 0702dbf98b41c55fd74e0e8e5a2e34d68689c396 |
| SHA256 | f099ff7d59e3e3ad4c24a527a65cc6760e5ae7e30fea2c86b409aee39e241d97 |
| SHA512 | cb44a1c49947b0dd2553b8115a3c5be713ade4400fac540a399aec84c05a787de75f272d7501d87d5e6d6d1c10983f8e150f5c993ca53cc7094107e265150c14 |