Analysis Overview
Threat Level: Shows suspicious behavior
The file https://github.com/Endermanch/MalwareDatabase/blob/master/jokes/ was found to be: Shows suspicious behavior.
Malicious Activity Summary
ASPack v2.12-2.42
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Modifies data under HKEY_USERS
Suspicious behavior: LoadsDriver
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-10 17:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-10 17:22
Reported
2024-08-10 17:29
Platform
win10v2004-20240802-en
Max time kernel
385s
Max time network
380s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\[email protected] | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\Recovery\ReAgent.xml | C:\Windows\system32\bootim.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\2229298842\453106858.pri | C:\Windows\system32\LogonUI.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\system32\bootim.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\system32\bootim.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\system32\bootim.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\system32\bootim.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\[email protected] | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "103" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e80d43aad2469a5304598e1ab02f9417aa8260001002600efbe110000004b495565d7e4da0100859d3ae2e4da01da8771e9e2e4da0114000000 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Pictures" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239} | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{281F4643-629B-4907-8A2F-D32849EB0A47} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "3" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Pictures" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Users\Admin\Downloads\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy | C:\Users\Admin\Downloads\[email protected] | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\[email protected] | N/A |
| N/A | N/A | C:\Windows\system32\bootim.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\bootim.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\bootim.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\[email protected] | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\[email protected] | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase/blob/master/jokes/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e3a546f8,0x7ff8e3a54708,0x7ff8e3a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e0 0x32c
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2764 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap7246:72:7zEvent8040
C:\Users\Admin\Downloads\[email protected]
"C:\Users\Admin\Downloads\[email protected]"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2780 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:8
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github.com/Endermanch/MalwareDatabase/raw/master/jokes/WindowsUpdate.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e3a546f8,0x7ff8e3a54708,0x7ff8e3a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7032 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap23533:88:7zEvent11470
C:\Users\Admin\Downloads\[email protected]
"C:\Users\Admin\Downloads\[email protected]"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github.com/Endermanch/MalwareDatabase/raw/master/jokes/WindowsUpdate.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e3a546f8,0x7ff8e3a54708,0x7ff8e3a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,7573002372449619997,13233562379429901935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
C:\Users\Admin\Downloads\[email protected]
"C:\Users\Admin\Downloads\[email protected]"
C:\Windows\System32\BitLockerWizardElev.exe
"C:\Windows\System32\BitLockerWizardElev.exe" C:\ T
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38c6055 /state1:0x41c64e6d
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\system32\bootim.exe
bootim.exe /startpage:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 27.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 88.221.135.27:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.27:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 33.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | testfamilysafety.bing.com | udp |
| NL | 40.126.32.74:443 | login.microsoftonline.com | tcp |
| NL | 40.126.32.74:443 | login.microsoftonline.com | tcp |
| US | 204.79.197.201:443 | testfamilysafety.bing.com | tcp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sydney.bing.com | udp |
| GB | 95.101.143.201:443 | sydney.bing.com | tcp |
| US | 8.8.8.8:53 | 201.143.101.95.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | techcult.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | www.windowscentral.com | udp |
| US | 8.8.8.8:53 | www.wpxbox.com | udp |
| US | 151.101.66.114:443 | www.windowscentral.com | tcp |
| US | 8.8.8.8:53 | www.softwaretestinghelp.com | udp |
| US | 8.8.8.8:53 | www.minitool.com | udp |
| US | 8.8.8.8:53 | www.windowslatest.com | udp |
| US | 8.8.8.8:53 | katystech.blog | udp |
| US | 104.18.21.178:443 | www.minitool.com | tcp |
| US | 172.67.192.119:443 | www.windowslatest.com | tcp |
| US | 172.67.74.163:443 | www.softwaretestinghelp.com | tcp |
| US | 172.67.136.209:443 | www.wpxbox.com | tcp |
| US | 104.21.16.216:443 | katystech.blog | tcp |
| US | 8.8.8.8:53 | 114.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dev.mos.cms.futurecdn.net | udp |
| GB | 185.113.25.70:443 | dev.mos.cms.futurecdn.net | tcp |
| GB | 185.113.25.70:443 | dev.mos.cms.futurecdn.net | tcp |
| US | 8.8.8.8:53 | 178.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.192.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.136.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.25.113.185.in-addr.arpa | udp |
| US | 104.16.151.108:443 | techcult.com | tcp |
| US | 8.8.8.8:53 | 108.151.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse2.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse2.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse2.mm.bing.net | tcp |
| US | 8.8.8.8:53 | b2024479.smushcdn.com | udp |
| GB | 79.127.237.132:443 | b2024479.smushcdn.com | tcp |
| US | 8.8.8.8:53 | news-cdn.softpedia.com | udp |
| US | 8.8.8.8:53 | images.anyrecover.com | udp |
| US | 8.8.8.8:53 | teko.ph | udp |
| US | 8.8.8.8:53 | static1.howtogeekimages.com | udp |
| US | 8.8.8.8:53 | www.techspot.com | udp |
| US | 8.8.8.8:53 | www.diskpart.com | udp |
| US | 104.22.78.92:443 | www.techspot.com | tcp |
| GB | 143.244.38.136:443 | static1.howtogeekimages.com | tcp |
| SG | 54.179.175.109:443 | teko.ph | tcp |
| US | 172.67.72.207:443 | www.diskpart.com | tcp |
| US | 104.22.13.228:443 | news-cdn.softpedia.com | tcp |
| GB | 163.181.154.180:443 | images.anyrecover.com | tcp |
| SG | 54.179.175.109:443 | teko.ph | tcp |
| GB | 143.244.38.136:443 | static1.howtogeekimages.com | tcp |
| US | 104.22.78.92:443 | www.techspot.com | tcp |
| US | 8.8.8.8:53 | 132.237.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.72.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.13.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.78.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.175.179.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.windowsreport.com | udp |
| US | 8.8.8.8:53 | www.testingdocs.com | udp |
| US | 172.67.74.124:443 | www.testingdocs.com | tcp |
| US | 172.67.72.119:443 | cdn.windowsreport.com | tcp |
| US | 172.67.72.119:443 | cdn.windowsreport.com | tcp |
| US | 8.8.8.8:53 | 124.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.72.67.172.in-addr.arpa | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 23.206.78.251:443 | cxcs.microsoft.net | tcp |
| GB | 95.101.143.219:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 219.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.78.206.23.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 38f59a47b777f2fc52088e96ffb2baaf |
| SHA1 | 267224482588b41a96d813f6d9e9d924867062db |
| SHA256 | 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b |
| SHA512 | 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b |
\??\pipe\LOCAL\crashpad_1704_VLUSIKIMHAYXLYDC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ab8ce148cb7d44f709fb1c460d03e1b0 |
| SHA1 | 44d15744015155f3e74580c93317e12d2cc0f859 |
| SHA256 | 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff |
| SHA512 | f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5b364d13b7c06820c0133ad84c1eaa57 |
| SHA1 | 7675d11fb5e551655893618ffbc1a8a3fbdd45c4 |
| SHA256 | f41947dafef8adaa9648b0f55c914d9c162538201fbb9b84ba3b1498c75f8ce4 |
| SHA512 | 0cb71e6dd1a99c7d41389e4631b97fed9194d609d503a5f0b55b2822a9b8f2ddf5de0952829a20dc3c23488f577cee1e5d1d57965f605f651df409acdfc912bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0362ee22a75312f9e062de567ba0f04f |
| SHA1 | 314d7946a4efaf4dbf63a7c8a4376e68448d5093 |
| SHA256 | dd7b14a0c26dffeca621c4b9a581b4b80c66f362c1f33465d6e5ff0621931fe9 |
| SHA512 | a257eb03ab5b623ba93111dc944dd80e5d4de20e2a736a918c65572001b7d1d9ab383d52f48ad4ebd1ceae0e034d80f3bfae4c3c4ee2b612a2994a18026e619c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 828534e47e2e2ed9e6b418cce5c54f1f |
| SHA1 | 4b3ab2aabfde79110bcb1124ed35f1f488e92592 |
| SHA256 | 95fcb3c81757ae5e82713f835440b013fba249f1dc5e546de30fc39c96ca777e |
| SHA512 | 32ffcae871015682e69fdf87065f9d0f948ba4c07d654c3ab9cb67efd815ac7886bc331a964c7a8b93a790b4793ad26f613b3515c000ec3d71b75d732949e7f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e35fefd12cef5fa5fec4578a01d4aa02 |
| SHA1 | 59d0f8ccf9f3cf4017c1ce0c295104c1f849c9b5 |
| SHA256 | 8c53ac259986f40109067d1e4aefcedfa79c9e448de5181ba9229724e8c39050 |
| SHA512 | abac7b202f656e8bc2448f83bd88e9cd89fb51e104b2d850ec6215992fde4d8d3bfcaf43622cb7d7f498485f6c5714a1c0f1a4f5083a3d6428af690dd5432da5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8898ce64d5165f50f4fad539c2ff2a69 |
| SHA1 | 42f15e0c18b385ff6b905aba9d4fefd3999811e5 |
| SHA256 | f3da84859f240bce1186c4d6c4206e0515b438b2439f2ef871ed7db53397f75d |
| SHA512 | 31bafa7c4db587814572be82ddad6d3bebc0fb2a0af7fdd528436991834b8165afe876853dec49a5edbd23160dd355e1f5c95f997107616e51bb60838a33743c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582b8f.TMP
| MD5 | 084b6c499d1e01aa422f827c843df147 |
| SHA1 | d536dd27613c6db046f1086baa414d33eb711d1d |
| SHA256 | 02a51742e37920fa30d5a7d9536f2b88a83629019804ec20f87a389c49ceabe0 |
| SHA512 | 992eae425f5640c7ca73c099391ec2036dbe040f3f222d43c3a5c39ebb064fc45fbfc506626a77baeb94860bdb48ea23e4a6cd7981a969ee1f2de0f5e440d890 |
C:\Users\Admin\Downloads\Popup.zip
| MD5 | fceafeb5366fde06752d7249463fbdef |
| SHA1 | 4a4663496aa3a84ed23df76cd1ad6b6582c7130c |
| SHA256 | dbe313c710acfb75149045d93887aaae8b62cf8932951baa82b2a995fcf6fefa |
| SHA512 | de03e23d7594730b42897c0afaacaddaa181334efad4a35fb7df21fa0d25e834b391b20ab4e612a4a17a1b0c54a1e33d9be3d1efed4170a86de81eb67ff98f93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0eccbb58f63ea4c47bd32da268f2c148 |
| SHA1 | 25ea0e4eb3757fe69675680afe17f77861b04d54 |
| SHA256 | 3b37a5bab70bddb48e15019f030583ed5b13dd0a664e91674d3e0a789f16ac3d |
| SHA512 | 57ec059860a6e8c192cb33420359ecf6a7b0e4c354800ef561b276113c45d27c6d631611317637f2bb16f844fd5c1c6de8d95b13961b9a63a4b5ffd9a2cef20a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0a071f4c89b290d87f4882b10108b5db |
| SHA1 | 117bb47fff1819fc652a670b6a548c7eb30bdc79 |
| SHA256 | e15a52af3a4615b53ebd7a52b1fba1d0d03672f4df130be4a678109e61571bdb |
| SHA512 | 6d5df4117eee25807942ae5fecab0aff37b2303971c024019ffff1aff905c5a0597edf7bf395c802a47697fa8e97f07f102aacf8e3fc49848aeb42a911293b19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 26a92a3ad037728163648227a04fecf2 |
| SHA1 | d30d164bf7fd94338849bc8452102fa96b63381c |
| SHA256 | 5ab51b58702a1a30df41e51b8dc9e27ccc7695c662ef41e45fee67b0b8a34389 |
| SHA512 | c48a079b2792fbff4b889cc2311c9837a0c30bbc3135e5efabd937dc3a4ca37cf7dd0a0cc08e7f7ad23285759d112c3f5858eb85319edfdd10dbd9fe71a87d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3e09bc875fe63700c9b386451cd9e666 |
| SHA1 | b15bcf0e4782a92137d80cc407a658d92e0b9bbb |
| SHA256 | 7a4fdcb3001249b215c9dce2c067e9e26392b1947f43159e93b49f54df0643fc |
| SHA512 | 3e52b1afdf1038176785e081bbcdb0a8a70cc72f0781849922dde626f71f7808c12f0d0114949a77387a744a34002eb9093e29ec856d33ca0ed3e677458b487e |
C:\Users\Admin\Downloads\[email protected]
| MD5 | 9c3e9e30d51489a891513e8a14d931e4 |
| SHA1 | 4e5a5898389eef8f464dee04a74f3b5c217b7176 |
| SHA256 | f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8 |
| SHA512 | bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7 |
memory/5192-314-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/5192-315-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/5192-318-0x0000000000400000-0x00000000004DF000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dd0b0966031eb42c365039bee632486f |
| SHA1 | 75980d18328670ec3036a9448e5828a50135c7e3 |
| SHA256 | 0677faf183648bfdb2af0e7c3be795023588fd875636f1c71cbe619b351bd121 |
| SHA512 | d3c54175b706018ecee8f72b288086889f022992b117a599d827f3c17711b84bafbc1a0c886026ab76c4f8c1b18716a34e75e14e5db62db68771a905ce88322f |
memory/5192-330-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/5192-340-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/5192-344-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/5192-349-0x0000000000400000-0x00000000004DF000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5951a171ba7408227f061e6837f085f3 |
| SHA1 | 50da54933d4346f3f4ac521c94fe38b9111c04c5 |
| SHA256 | f3feeceb95e59da207b69ec78336d8d7e821fb98623af732e7637a77e47bd858 |
| SHA512 | 097e5495938a72f53eff3aaaed2d9e3a240cba001f3be26493531296b9d69623212c9cefd7be265ea05a07b184a276af5d53284a444dec3697ae6c5c02035901 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c401c82d40eccd5e9f5eb53b19d082a0 |
| SHA1 | 1e571c821c2fed197cbcce1b2ba5a15ece2f9e1f |
| SHA256 | 9c692960a0e56ccb26f70b5d5adf5fc061e4b2410e2fbbc237e2e145ec3e1a78 |
| SHA512 | 88ee2a38817b4e54944588ccb3b50c933af36f91e1f8b53e1e6507e1fbe8ae27d5dae241fcab5a7cdf01c49ba7d329696fd5c858b664f267889666d94d11865f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c4907f0d82d34d0668d80ce9e3edb146 |
| SHA1 | 47bf35e3c6b64b401d070e887577b5b10843c6eb |
| SHA256 | 63c432008aa55963f28fa4a7c16c20703e9ec086f3291ce8011a007b9c2e417a |
| SHA512 | 58398defa34510ad96c422463d2d56f9ed8bbccd6d01503e79c0ac0ac55c7613cf978feb48201da8f3ded3cafb38ca8501ce579ac0d373fec4f9401eea0ab272 |
memory/5192-383-0x0000000000400000-0x00000000004DF000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1c2b6daeae9aef3f53cb26e9eda866da |
| SHA1 | 7f04b13fe45aa2cbe1cb39e1214edea5704a3084 |
| SHA256 | 008d9d05815a54319fd0b8404b25f9d81a47e0f8dcbe979ba0a521d0fd7d1af7 |
| SHA512 | fc8393ab1fd4b6ba8b3d38e8fdac145e1e4426c3105afafbc103dec1e1da714441b36d54a4cba9ebad05168d23665847b1a227eeedf051df93a0deb4780f6e06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 5d0e354e98734f75eee79829eb7b9039 |
| SHA1 | 86ffc126d8b7473568a4bb04d49021959a892b3a |
| SHA256 | 1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e |
| SHA512 | 4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 78cd7a99c7b5fc56d6ed3572d4343777 |
| SHA1 | 43d81f9bec07993961a71564ad3fe7caf1e0dc9e |
| SHA256 | 189fc5f9598a50ee6827aefa3c68e6075aafea1c121b999bdc00464dea5b6b7f |
| SHA512 | cff123cc763c923316c90461fc213d2b2a6172dfbff1dedd1a67cf1bcd570935b27583e2bf60aea968eea721916001bd29cb8ebdedf7c56096c294e1838c518e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | ff83449181c5edc6441698ff5aded99b |
| SHA1 | 0a73b8333e317ae784774eec3207e4f3be189082 |
| SHA256 | 16e523aeb8e669d1b389794960f5943fcb763abc1f863de28e4278ba5c14ece8 |
| SHA512 | 5700a4f295c161c9a1257602ac6253f95ab0de6ce504362b3b0f09221e188ea20183bf441701c3d3055981c9a192180da0db1c50ec135ae051a40adf3d1ff62f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 179e3cf6194e76ffdd531c61e5fd2f99 |
| SHA1 | 9c11c417fd888962dc45bce42e57108ef8d448ce |
| SHA256 | b62e06a1397f2da92bab6ef6ce5b71a627c89a61e9ae4d142ab3c19d5af9d8d3 |
| SHA512 | 38980eb0859960e808170fdc011165068e4c36a8f5afb2872b29ecabd9796cf6eb6f0c32bee533be3bbd10e773ce0e98b08c83033567d743e05e0beba47fb638 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c51230caa472adc8a4cf8221eda1124d |
| SHA1 | fb7732c48909cc92100c64a2749ab615e6e0b459 |
| SHA256 | e3526228b20f0eb1970caa3ea3b402b3b0f3af05adee4ec87171dac30cf64968 |
| SHA512 | 6745215e1d151b2cbb16e8814e374f6c516749a4ccc757fa080edf2cd107cd7b899025470d4cb805de5786cfc18132ed5b6940028cddc32303e3a69c7cb7ca4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0bb285ef9327277f3e41e203d0fe30a9 |
| SHA1 | 00edd542addad794ca5bb53db6ce7ef2234425bd |
| SHA256 | abac62128386c5ad6afd2852e1f27e1d2e11672f89c05cfa7f41106d9b28de50 |
| SHA512 | 1f4d81c100b5d6d220a8126ee6edb9c66ff0f3b1e29b4a6b83e3ac4b8dd34ebd9fdea9a7deca7f7ee95c0b1cc6a0f326c9b421237e557d4632f6d1c374d69ddb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
| MD5 | 87df44ae40b7cd5b1bd067431e040c6a |
| SHA1 | 23548651a94e2a66319c5b1623ad374167643791 |
| SHA256 | 95edc9e31c07f888ab37e2cd39f8a6ad05b526db1798d07141c97469916a5d33 |
| SHA512 | e7be65c43431173248a6601ac0e3cbf4c891895bd3477524dc6cb2bbbb5fc672e109e228feeb6a94426503339e948e548de4d78ab3855217fbd8ae79ee805fee |
memory/5192-876-0x0000000000400000-0x00000000004DF000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ba2dd03b1350c58d324d5e455f236263 |
| SHA1 | 03800bcabdfcf0a1b4a9dbd228b794259fd26905 |
| SHA256 | d9cd6e61914da81fc8b53d5a38f01f1d432ef8a51794fff9eafb67530cde4641 |
| SHA512 | d26d04d59733615375486fbd324e31226d6648700106874c0afca42983cd4e231a6d0821c93cdb270cc4b0686b824d3f96cece79f27ab43edea5c595e0ee7838 |
C:\Users\Admin\Downloads\OIP.jpg
| MD5 | 57e598bb93db14544d83c3d9f476325a |
| SHA1 | db150dbbc8f2b48bc4b0dcf83caa2715e91637f7 |
| SHA256 | 5aeb613bfe7239afd308a7e6cff269984358436fb3a9525785482aa4f483e242 |
| SHA512 | 6e69f5bbcc8eadfc34601e83d37bb8b00bfa24e293dcea8b263c0259c3d6fe115fc932f3c55ff00b41266bad8e47a48d4f0e2b82e9678e27f4d0e3da0f46d0e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d888d259c70c3cdcc9274b596b2ad22c |
| SHA1 | 2fe7840aefd169bf686c0c0f5af1e082045310b5 |
| SHA256 | 577474c2331969d9fd080358eefcf2d5eb898a9bd187173e82d9238a9eafc0ca |
| SHA512 | 2e456d4847277f4b073561589fa3ad361766397c9a0e40ff9206296940cbb5c815697cdcbfb49857b15b05ab89141706ac4b112a7cfcf4195ce56b3756518210 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1586f2a36d1849780d5ef3668ef3f77d |
| SHA1 | b9734ba605e1959d4b61277aa93bc43c2bacfac7 |
| SHA256 | 7be5e63fc008072c73cf66f5feab82137d8194ec3768a66123a13d9720e1bc36 |
| SHA512 | 6883c6c8c8ea1f5ee339a03eb8afa0846a9d625f69652c0c8ab0f3db3a0e5c4b01aded33d0b8ef8f53db63a51584a329b2045399edb58d3393887fa2d362e07d |
memory/5192-905-0x0000000000400000-0x00000000004DF000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8f83f458608f6cada21320bd1521aade |
| SHA1 | c48b99985b49f9add72cc4892c60802db3db3ccd |
| SHA256 | 54c516cd3279b28f6b5917defa888ba7a8325dfff3636ee21137b2c6d5ca4eae |
| SHA512 | 5ecd7bbe3602e2ce1df9a087e2b4bb36ff3fc57b9c904293c7f4e4b981ac78f49bd28fb4c6e2f3862c3260ad911ae71d3193ebc69642ad2c77635f2a955eb7e6 |
memory/5192-915-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/5192-921-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/5192-929-0x0000000000400000-0x00000000004DF000-memory.dmp
C:\Users\Admin\Downloads\WindowsUpdate.zip
| MD5 | d39389492bab27ae228b7bf147167ecf |
| SHA1 | 652a4ab9f09826964925f69b951813c29ba0f7d6 |
| SHA256 | 1c7476c3a7a83ae1afb6b7c00a34c0e117bd31fa4ffd7b0f890e0c90587a95a8 |
| SHA512 | d731cacb28e6982667efde3b161fb02ed87609cddabca5552bb59de3eec6f51f7041bfba99a0d1dc52d4fb5c943b5042395983104953ba4370b6eb4c93f60ebe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4bca04b9d722d17b0d8e28754c638fc0 |
| SHA1 | 3de4c4b780bdb73ab973a9790b0a1705f3e5d3dc |
| SHA256 | e54af4e9ebfb9ca37fd3a8e9a59d52a497213db6ce8cb133057bc59c8da8d176 |
| SHA512 | 2d6750102f6ab69cc57fc7d0a40761469f5c13e3f37d70c895fb4a63ee4349fb20545bab1afaf04b97515ad5d7409d88d4ba09f40dd927b681288935b172dd07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 870a50e2b4cb33a6ad649f5176798415 |
| SHA1 | f7330065345509774d3bd764c677de96751c6e63 |
| SHA256 | 00f2b04ee5a96a8f275bc9527a103132888b40a796eb0bfaf25064dc50795e40 |
| SHA512 | 76091c4c26de7c9d0595c42ea47f65952819b129811359e723f1171e10b187022bb17d875a871b4ae2c31b80dcd1f42f375aac4f1a1c5ae6f8e0f0538263d79c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6cb108db8318d1cb7eca82a882d953e7 |
| SHA1 | f91e52c837c9524667625f6a082d9e72acbe2822 |
| SHA256 | 6a6b8fdde224bdca6ba1af197d05fe6bf0e35c9fa73fbcbe482be762f1e0ccce |
| SHA512 | 31fbc64a1db11eb306d5f35144c04a7113ba90236a50b151518452e727a98fea842f985cba1be462ecd0a09105f1b6804c2db8a3688817930405f22521d0331a |
C:\Users\Admin\Downloads\[email protected]
| MD5 | 515198a8dfa7825f746d5921a4bc4db9 |
| SHA1 | e1da0b7f046886c1c4ff6993f7f98ee9a1bc90ae |
| SHA256 | 0fda176b199295f72fafc3bc25cefa27fa44ed7712c3a24ca2409217e430436d |
| SHA512 | 9e47037fe40b79ebf056a9c6279e318d85da9cd7e633230129d77a1b8637ecbafc60be38dd21ca9077ebfcb9260d87ff7fcc85b8699b3135148fe956972de3e8 |
memory/3404-1002-0x0000000000400000-0x00000000006BC000-memory.dmp
memory/5192-1022-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/5180-1031-0x0000000000400000-0x00000000006BC000-memory.dmp
memory/3404-1030-0x0000000000400000-0x00000000006BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 17585b0fee872e47b38aa4d380e5b5c5 |
| SHA1 | eff529266bbdea988685662fc541e649e8a7041f |
| SHA256 | e4a9963ff46eaa646d28a0a42cec1c79ea59223372c487860ad73df5c3e4989b |
| SHA512 | a5563a8bab2df941b9a38b59e971a145b4ba08e02a22d7ecb06015ae90841c8fd3046b9ceeefc48ee2ed13ee3c8673b171e4cb13e7c64067c66f4369e89f7f81 |
memory/5180-1064-0x0000000000400000-0x00000000006BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 40929e87328d8ce093583c8eff0d5bb2 |
| SHA1 | f5d1a0bd25c8af8ce2e27e9bfde9a3becb85d91d |
| SHA256 | b1b3bb8185a65d765b5344a0a123cf8d1ef3b79d0234bab30b7f5ee8fed79985 |
| SHA512 | 460890b2bb302ca58c56ea751b506dc83c2430b16a16cdd6a23c89a2eef662c27a949ac769caa376e353618f74708fb7a14b01d5e021468e568ed55644251655 |
memory/3404-1109-0x0000000000400000-0x00000000006BC000-memory.dmp
memory/5180-1111-0x0000000000400000-0x00000000006BC000-memory.dmp
C:\Windows\System32\Recovery\ReAgent.xml
| MD5 | 001bb330e4a374c7823f4b01c2f4323e |
| SHA1 | 94bdd1d5fcbef1c840d029d244645ea767c52c5f |
| SHA256 | 0033dc82e04e6c560ed7269fce3a6922828a564c757f0c9cd9686bee57e96aea |
| SHA512 | f52f30c19d095152d81f71e13f219676d704436d9d5584f38456cf4ae6a6ac79d68badc622892c1af9af423587a661ca0e9ae4528a9b140e1d88bcb97fd6f560 |