Malware Analysis Report

2024-10-19 07:15

Sample ID 240905-sxdkbstdjl
Target https://github.com/Hacker2425/Ransomware-Builder
Tags
chaos credential_access defense_evasion discovery evasion execution impact ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted URL https://github.com/Hacker2425/Ransomware-Builder was found to be: Known bad. The detonation opened the URL in Edge, downloaded "Chaos Ransomware Builder v4.exe", and the executables it dropped performed the activity below.

Malicious Activity Summary

chaos credential_access defense_evasion discovery evasion execution impact ransomware spyware stealer

Chaos

Chaos Ransomware

Deletes shadow copies

Modifies boot configuration data using bcdedit

Deletes backup catalog

Downloads MZ/PE file

Credentials from Password Stores: Windows Credential Manager

Drops startup file

Executes dropped EXE

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

Sets desktop wallpaper using registry

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Enumerates physical storage devices

Browser Information Discovery

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy service COM API

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies registry class

Checks SCSI registry key(s)

Interacts with shadow copies

Opens file in notepad (likely ransom note)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-05 15:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-05 15:29

Reported

2024-09-05 15:36

Platform

win11-20240802-en

Max time kernel

387s

Max time network

379s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Hacker2425/Ransomware-Builder

Signatures

Chaos

ransomware chaos

Chaos Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Deletes shadow copies

ransomware defense_evasion impact execution

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Deletes backup catalog

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wbadmin.exe N/A
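The three signatures above (vssadmin.exe, bcdedit.exe, wbadmin.exe) are the recovery-inhibition step of a Chaos infection (ATT&CK T1490, Inhibit System Recovery). The report names the processes but does not record their command lines. The following detection logic is an added example, not part of this report or of the Chaos code: it runs command-line rules over constructed process-creation events in the shape of Sysmon Event ID 1 records. The command lines are constructed to carry the arguments these tools need to delete shadow copies, disable Windows recovery and delete the backup catalog; the `wmic shadowcopy delete` rule is a common variant that this report does not show. Parent-process paths and severities are the example's own design, not observed values.

```python
from __future__ import annotations

import re

# Constructed process-creation events: (parent image, image, command line).
# They are illustrative; the sandbox report lists the processes but not the
# arguments, so none of these strings is an observed value.
SAMPLE_EVENTS = [
    (r"C:\Users\Admin\AppData\Roaming\svchost.exe", r"C:\Windows\system32\cmd.exe",
     "cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete"),
    (r"C:\Users\Admin\AppData\Roaming\svchost.exe", r"C:\Windows\system32\cmd.exe",
     "cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures "
     "& bcdedit /set {default} recoveryenabled no"),
    (r"C:\Users\Admin\AppData\Roaming\svchost.exe", r"C:\Windows\system32\cmd.exe",
     "cmd.exe /c wbadmin delete catalog -quiet"),
    (r"C:\Windows\explorer.exe", r"C:\Windows\system32\vssadmin.exe",
     "vssadmin list shadows"),          # read-only enumeration, must not fire
    (r"C:\Windows\explorer.exe", r"C:\Windows\system32\bcdedit.exe",
     "bcdedit /enum"),                  # read-only, must not fire
]

# Rule name -> regex over the lower-cased command line. Patterns accept an
# optional .exe suffix and variable whitespace; the bcdedit rules use .* so they
# still match when several commands are chained through "cmd.exe /c".
RULES = [
    ("vssadmin_delete_shadows",      re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("wmic_shadowcopy_delete",       re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("bcdedit_disable_recovery",     re.compile(r"bcdedit(\.exe)?.*\brecoveryenabled\s+no\b")),
    ("bcdedit_ignore_boot_failures", re.compile(r"bcdedit(\.exe)?.*\bbootstatuspolicy\s+ignoreallfailures\b")),
    ("wbadmin_delete_catalog",       re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog")),
]


def match_rules(cmdline: str) -> list[str]:
    """Return the names of every recovery-inhibition rule the command line matches."""
    text = cmdline.lower()
    return [name for name, rx in RULES if rx.search(text)]


def triage(events) -> list[dict]:
    """Flag events that inhibit system recovery.

    Severity is raised to "high" when the parent image lives outside C:\\Windows:
    an administrator runs these tools from a console under explorer.exe, whereas a
    payload dropped into the user profile (like the Roaming svchost.exe in this
    report) runs them from itself. Read-only invocations never match.
    """
    findings = []
    for parent, image, cmdline in events:
        rules = match_rules(cmdline)
        if not rules:
            continue
        parent_is_system = parent.lower().startswith("c:\\windows\\")
        findings.append({
            "image": image,
            "parent": parent,
            "rules": rules,
            "severity": "medium" if parent_is_system else "high",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["parent"], "->", ", ".join(f["rules"]))
```

The same rules map directly onto a Sysmon or EDR query on the CommandLine field; the parent-image heuristic is a scoring aid, not a substitute for the match itself, because backup and imaging software does legitimately call vssadmin and wbadmin.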

Downloads MZ/PE file

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File opened for modification \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini.ke3y C:\Windows\system32\taskmgr.exe N/A
File opened for modification \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\read_it.txt C:\Windows\system32\taskmgr.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url C:\Users\Admin\Desktop\Sigma-decrypter\Decrypter.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\svchost.url C:\Windows\system32\taskmgr.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.ke3y C:\Users\Admin\Desktop\Sigma-decrypter\Decrypter.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt C:\Users\Admin\Desktop\Sigma-decrypter\Decrypter.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\Desktop\Sigma-decrypter\Decrypter.exe N/A
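Two things in the "Drops startup file" and "Executes dropped EXE" tables deserve a second look: the files in the Startup folder (svchost.url and the ransom note read_it.txt) are created by C:\Users\Admin\AppData\Roaming\svchost.exe, which carries the name of a Windows service host but does not run from System32, and the other processes touching that folder (taskmgr.exe, Decrypter.exe) only open an already-encrypted desktop.ini.ke3y. The script below is an added example, not part of this report or of any tool that produced it: it parses rows in the report's flattened "Description Indicator Process Target" layout (the rows embedded in it are copied from the two tables above) and tags each process with the persistence, masquerading and encryption indicators those rows support. The `.ke3y` extension is the one observed in this detonation and should be treated as sample-specific; the list of system binary names is the example's own.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Rows copied from the "Drops startup file" and "Executes dropped EXE" tables
# above, in this report's flattened "Description Indicator Process Target" layout.
REPORT_ROWS = r"""
File opened for modification \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini.ke3y C:\Windows\system32\taskmgr.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.ke3y C:\Users\Admin\Desktop\Sigma-decrypter\Decrypter.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\Desktop\Sigma-decrypter\Decrypter.exe N/A
"""

# The indicator may contain spaces, so the process column is located by the last
# "<drive>:\...exe N/A" group on the line rather than by splitting on whitespace.
FILE_ROW = re.compile(
    r"^(?P<action>File opened for modification|File created) "
    r"(?P<path>.+?) (?P<process>[A-Za-z]:\\.+?\.exe) N/A$")
EXEC_ROW = re.compile(r"^N/A N/A (?P<process>[A-Za-z]:\\.+?\.exe) N/A$")

STARTUP_FRAGMENT = "\\microsoft\\windows\\start menu\\programs\\startup\\"
ENCRYPTED_EXT = ".ke3y"   # extension observed in this detonation; sample-specific
# Names that legitimately exist only under the Windows system directories
# (example's own list; extend it for your estate).
SYSTEM_BINARY_NAMES = {"svchost.exe", "taskmgr.exe", "lsass.exe", "csrss.exe",
                       "winlogon.exe", "services.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def normalize(path: str) -> str:
    """Lower-case a path and drop the NT '\\??\\' prefix the sandbox logs on some rows."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_rows(text: str) -> list[dict]:
    rows = []
    for line in text.strip().splitlines():
        m = FILE_ROW.match(line)
        if m:
            rows.append({"kind": "file", "action": m["action"],
                         "path": normalize(m["path"]), "process": normalize(m["process"])})
            continue
        m = EXEC_ROW.match(line)
        if m:
            rows.append({"kind": "exec", "action": "executed", "path": None,
                         "process": normalize(m["process"])})
    return rows


def is_masquerading(process: str) -> bool:
    """True when a process bears a system binary's name but runs outside System32/SysWOW64."""
    p = normalize(process)
    name = p.rsplit("\\", 1)[-1]
    return name in SYSTEM_BINARY_NAMES and not p.startswith(SYSTEM_DIRS)


def analyze(rows: list[dict]) -> dict[str, list[str]]:
    """Tag each process with the indicators its rows support.

    Only "File created" under the Startup folder counts as establishing
    persistence; "File opened for modification" there is tagged separately so
    that encryptors and decryptors touching existing files are not confused
    with the process that planted svchost.url.
    """
    tags: dict[str, set[str]] = defaultdict(set)
    for row in rows:
        proc = row["process"]
        if row["kind"] == "exec":
            tags[proc].add("dropped_exe_executed")
        else:
            if STARTUP_FRAGMENT in row["path"]:
                tags[proc].add("startup_file_created" if row["action"] == "File created"
                               else "startup_file_modified")
            if row["path"].endswith(ENCRYPTED_EXT):
                tags[proc].add("touches_encrypted_file")
        if is_masquerading(proc):
            tags[proc].add("masquerades_as_system_binary")
    return {proc: sorted(t) for proc, t in tags.items()}


if __name__ == "__main__":
    for proc, t in analyze(parse_rows(REPORT_ROWS)).items():
        print(f"{proc}: {', '.join(t)}")
```

Run against the embedded rows, the Roaming svchost.exe is the only process tagged with all three of dropped_exe_executed, masquerades_as_system_binary and startup_file_created, which is the combination to pivot on when reconstructing the infection chain from this report.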

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\Desktop\Sigma-decrypter\Decrypter.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-661032028-162657920-1226909816-1000\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\esfk7unbl.jpg" C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pxzy0jndm.jpg" C:\Users\Admin\Desktop\Sigma-decrypter\Decrypter.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Chaos Ransomware Builder v4.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
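The row above shows msedge.exe writing the Zone.Identifier stream onto the downloaded builder, which is the browser applying the Mark-of-the-Web, not something removing it; the sandbox's "Bypass" label fires on any access to that stream, so read it as "MotW activity" and confirm the stream's contents before concluding a bypass occurred (the NTFS ADS section further down also records the browser's :SmartScreen stream on the in-progress .crdownload file). The following is an added example, not part of this report: a parser for the INI-style stream and a helper that reads it through the path:stream syntax, so an analyst can tell an Internet-zone download (ZoneId=3) from a file whose mark is missing or set to a trusted zone. The stream contents are constructed: the ReferrerUrl is the page's target URL and the HostUrl is a placeholder, since the report does not show the real values.

```python
from __future__ import annotations

import configparser

# Constructed contents of a Zone.Identifier stream as Chromium-based browsers
# write it for an Internet-zone download. Not copied from the sample: the report
# records the stream being written but not what it contained. HostUrl is a
# placeholder; ReferrerUrl is the URL the detonation opened.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://github.com/Hacker2425/Ransomware-Builder
HostUrl=https://example.invalid/Chaos%20Ransomware%20Builder%20v4.exe
"""

# URLMON security zone identifiers (URLZONE_*).
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text: str) -> dict | None:
    """Parse the [ZoneTransfer] block; None when the block is absent."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("ZoneTransfer"):
        return None
    sec = cp["ZoneTransfer"]
    zone = int(sec.get("ZoneId", "-1"))
    return {
        "zone_id": zone,
        "zone": ZONE_NAMES.get(zone, "unknown"),
        "referrer": sec.get("ReferrerUrl"),
        "host": sec.get("HostUrl"),
        # SmartScreen and the Attachment Execution Service only act on zones 3 and 4.
        "marked_untrusted": zone >= 3,
    }


def read_zone_identifier(path: str) -> dict | None:
    """Read a file's MotW stream via the NTFS path:stream syntax.

    Returns None when the stream does not exist, which is what a file looks like
    after Unblock-File, after extraction by an archiver that drops streams, or
    after being saved to FAT/exFAT. On non-NTFS systems the same call simply
    opens a sibling file named "<path>:Zone.Identifier", which keeps the helper
    testable offline.
    """
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None


def motw_status(path: str) -> str:
    """Triage label: 'internet', 'trusted_zone' or 'no_motw'."""
    info = read_zone_identifier(path)
    if info is None:
        return "no_motw"
    return "internet" if info["marked_untrusted"] else "trusted_zone"
```

A genuine bypass shows up as `no_motw` or `trusted_zone` on an executable that the browser history or proxy logs prove came from the Internet; a `internet` result on the builder, as the row above implies, means SmartScreen and the Attachment Execution Service had their chance to intervene and the user clicked through.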

Browser Information Discovery

discovery

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\vds.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700239800515526" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000 C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{935FF968-15AD-46D6-A070-6CD6F74ACE19} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Pictures" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \Registry\User\S-1-5-21-661032028-162657920-1226909816-1000_Classes\NotificationData C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239} C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 540153.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Chaos Ransomware Builder v4.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\download.jpg:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
N/A N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\VapeV4Crack.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3308 wrote to memory of 3912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 1964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3308 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Hacker2425/Ransomware-Builder

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80bd23cb8,0x7ff80bd23cc8,0x7ff80bd23cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11485844331041049792,8631956989250416368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe

"C:\Users\Admin\Desktop\Chaos Ransomware Builder v4.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xec,0x10c,0x7ff80bd23cb8,0x7ff80bd23cc8,0x7ff80bd23cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,2087484419826466469,13924341795944923802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80bd23cb8,0x7ff80bd23cc8,0x7ff80bd23cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,13133823624911937900,7742893367713517948,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2000 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,13133823624911937900,7742893367713517948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,13133823624911937900,7742893367713517948,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,13133823624911937900,7742893367713517948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,13133823624911937900,7742893367713517948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\i0rnbv1l\i0rnbv1l.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1946.tmp" "c:\Users\Admin\Downloads\CSC49D65E13937B485D801170A715175D5B.TMP"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\VapeV4Crack.exe

"C:\Users\Admin\Desktop\VapeV4Crack.exe"

C:\Users\Admin\AppData\Roaming\svchost.exe

"C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} recoveryenabled no

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet

C:\Windows\system32\wbadmin.exe

wbadmin delete catalog -quiet

C:\Windows\system32\wbengine.exe

"C:\Windows\system32\wbengine.exe"

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80520cc40,0x7ff80520cc4c,0x7ff80520cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,16517426996906898997,16478931703526444022,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,16517426996906898997,16478931703526444022,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1984 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,16517426996906898997,16478931703526444022,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2388 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,16517426996906898997,16478931703526444022,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,16517426996906898997,16478931703526444022,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,16517426996906898997,16478931703526444022,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4400,i,16517426996906898997,16478931703526444022,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,16517426996906898997,16478931703526444022,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4680,i,16517426996906898997,16478931703526444022,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1752 -parentBuildID 20240401114208 -prefsHandle 2108 -prefMapHandle 2128 -prefsLen 21255 -prefMapSize 243064 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b16e845-eae3-47bd-a16d-bf16a0e47191} 5520 "\\.\pipe\gecko-crash-server-pipe.5520" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 21255 -prefMapSize 243064 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3376f465-b574-4151-87ac-69f2fde1b3ed} 5520 "\\.\pipe\gecko-crash-server-pipe.5520" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3048 -prefsLen 21326 -prefMapSize 243064 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f9973b8-ea17-4c7a-b1d4-b991fbb461c3} 5520 "\\.\pipe\gecko-crash-server-pipe.5520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3568 -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 22176 -prefMapSize 243064 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4882ed21-2bbe-412f-82e0-8355e507be69} 5520 "\\.\pipe\gecko-crash-server-pipe.5520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3532 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 1612 -prefsLen 29611 -prefMapSize 243064 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4359416-b62d-4412-b026-c960c138d362} 5520 "\\.\pipe\gecko-crash-server-pipe.5520" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4920 -childID 3 -isForBrowser -prefsHandle 5172 -prefMapHandle 5100 -prefsLen 28144 -prefMapSize 243064 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6478e77-093e-42e7-b29e-61a7885003a4} 5520 "\\.\pipe\gecko-crash-server-pipe.5520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4772 -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5408 -prefsLen 28144 -prefMapSize 243064 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42217f04-19b2-45ed-bab2-4155d47d3896} 5520 "\\.\pipe\gecko-crash-server-pipe.5520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 5 -isForBrowser -prefsHandle 5492 -prefMapHandle 5496 -prefsLen 28144 -prefMapSize 243064 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {985fc2a9-3019-4866-909f-0d3143b64d21} 5520 "\\.\pipe\gecko-crash-server-pipe.5520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -parentBuildID 20240401114208 -prefsHandle 5700 -prefMapHandle 5704 -prefsLen 30138 -prefMapSize 243064 -appDir "C:\Program Files\Mozilla Firefox\browser" - {652430d0-1f06-41eb-8970-c3e0f782b882} 5520 "\\.\pipe\gecko-crash-server-pipe.5520" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6452 -childID 6 -isForBrowser -prefsHandle 6444 -prefMapHandle 6440 -prefsLen 28770 -prefMapSize 243064 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a329ae50-ba1f-4af7-b5b2-a853f611a336} 5520 "\\.\pipe\gecko-crash-server-pipe.5520" tab

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Users\Admin\Desktop\Sigma-decrypter\Decrypter.exe

"C:\Users\Admin\Desktop\Sigma-decrypter\Decrypter.exe"

Network


Files


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 13b46afa8d52608f6f7d17efe208b0b4
SHA1 e4c2fce0dd852031d928088e210492f819237761
SHA256 a1d2f3163ccb6916a187d0396ac183ac369784254c15c02f4082683b36ce96cc
SHA512 c5a68b7e542c5189e762a51879380907dbc26a78958c6b9b0f2656c5eb6858965b814696d940b07787c827da0366854ae45391f334f43dab5c850546ec1ea86a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\prefs.js

MD5 d8562242abfd9139b3c7d33e4b688cb8
SHA1 026c7aa9d23a59dd00589e6a6d4bdd982dcee96d
SHA256 63f1b044d73c8af4138f2882cda6ee205ec568b9c35ebb69e96f6ddb1f9fbe99
SHA512 11ea03a24c56eb909e6d073ab178cad287cf68899c02da885043641334a451c34fa53a9f458fe50d5e4c6dc824bddb9eca2a3d0cadc4ba2668321c32aa5fc09b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\datareporting\glean\db\data.safe.tmp

MD5 62c8586a51fff6b0a28dfa43bbc0fedf
SHA1 d90a12cc027a5263cf7f10bd875927b8dbce466f
SHA256 c11da5160a4368b159a831b062e5ff75bad76a4526461bac71ad23eab2fd84ba
SHA512 136012ea3b52d7fbf1604d5bf9f2907a19df509506b527b3fab4850d16bf92fae86ad4397da72cbb19f062ac71cec0bc974001644f779cf3a88adb5efc306b26

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\datareporting\glean\pending_pings\785f1107-0eb0-4994-abd7-6f72c1ea3c06

MD5 6c0b4c66bedf25f1a641f880e0ea4aad
SHA1 5c7cd86143ab97dc5237f7361707b05753648c35
SHA256 861b1ba17f6b0833e04ddcb30caa615303c691fb6fdb707e67af9d75279afecf
SHA512 77835a4061cf738f272c0dbf89806b70c83fa4d182fd86fcde9aa69d56574093e0035fbb169f0a8b311d605fb01064c85389dc2c22191a4a460616c62d5f0c9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\extensions.json

MD5 87e63a229cec2507bf770276105ed326
SHA1 14b760c26bb940d824a762baaa2e9bc1203b6b4e
SHA256 c0029b84f2dbb60aece0122582de8552540daf8b4df3e44cdc90edb44f1024b4
SHA512 f8aa548afd23245117426ea7861e0aeeb574999b2e2349728fd46959d39ea7031dca1f28c9b1fee420db41516ba27f2bf08966d9485cc31eee5dcc3137a10ab9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\datareporting\glean\db\data.safe.tmp

MD5 3591f95e11a5c667be14f87e90cb70f2
SHA1 b1e171218835d229a930ffdb2dd13ab9c07ec1a6
SHA256 fad4d05aee9925706bab8b8de7ea468c8b906cc6604d8e8e6d15bfc5d7969bb7
SHA512 6f5d58a9342a8f443be0b098f15920dc7a17c36c5665afff18a0780ef1c4d50b2062d35428256cc9c47eb7cd03ee5001b2395ab6be18e53e12bb610f848330c7

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

MD5 7d1d7e1db5d8d862de24415d9ec9aca4
SHA1 f4cdc5511c299005e775dc602e611b9c67a97c78
SHA256 ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda
SHA512 1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 b02a9fff120995cd832571fc90c211c8
SHA1 ae3a46f74a5c1013f01bef820b1883a3e3ffcc63
SHA256 d3732658251fef7e9892ef2a9dbbfff32b8a780fb4cff7fbcb9a4f1c0396d93f
SHA512 5ef23448e8adb75ebffb709658060b3d7aae6370508131a4174c8aad3fed9ea6e53720e103c5f1cc60f9666d1292907230f52a85c4b42bd325adb3c778b046f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\datareporting\glean\db\data.safe.tmp

MD5 bd3329ed6aeda56d58931680baff86fd
SHA1 e6ddb5589079f1fe180e07b678e38dcbac170176
SHA256 8567b0b8d0ab143bf85e14de212c8a115c8e89ce7863a8449a9f71a6151a9511
SHA512 c849d48fe02edf3f43cacdb977f06f6769b44a6da45feb79a4bc5112c578e614d64da3e22884f92e14a743a14a25d0a720b32d431fa85d86b05d297f681c4895

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\datareporting\glean\db\data.safe.tmp

MD5 b5b88e6de945b95bf5c288d7da8be200
SHA1 f56b59ccfa83465938273546f17df33926a69178
SHA256 afeb93f3a103e011e3aab4f4e6996054e554aead89fbefeef7431f5180081b9b
SHA512 1992f34a59c1d1a79c917377a80bd720cd618b38a27bc77c294fe4f6a8cf2f1d7e997ca968c5133e646f7e0a03c5213b84078251944f55ef4eb9e1db8cf1897b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sqlm3go7.default-release\activity-stream.discovery_stream.json

MD5 98952fba940c0797e010d94e33e2978a
SHA1 e4bc4099bbe29d4fc764f21fd84f155859b59480
SHA256 e32c5c8274131f4fba38a967bfdbe5104ceacaa8ddee643215f0f1072957d25a
SHA512 0e364f0a951d7687129ab5ede9df75cfe8045d42b746ecb0a71d2b13412c83c75fdad3d6e180de643ef4801d869ff019ec8cf3042b0c3488ede2d2ed9c0f4c3f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\datareporting\glean\db\data.safe.tmp

MD5 f869529547afdd713e3d2f896f6cc447
SHA1 e279738f9aee228abb947fb32e3770466e1be92d
SHA256 732cfa44feab122855659244a232fc1441bdd0226a6da8d5eecacc207a3867e2
SHA512 442616e26f7b02bae8127bf60688df015a7df7430b1a8d0104776cb8af2ffe45ad0b07d6e644da5578c28fa74e49779af6000ff66fb8f346a7684209a6c2d8b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\prefs-1.js

MD5 3bf2e62b622a9718a72ab00f8339ec31
SHA1 e760667ef304fffc36f5838bfc5d1145dbe54d5e
SHA256 d98f8e8d0074e5d90203974887dd4075d3b784fdb05c1d7ec70b6391857ff5c1
SHA512 153cc9fe60d9b853aaae1a18261d71a5a15f2cc38d5a520b4556689d0fdc787db0fcf53da9c227924e1be50a423074427fc59252ec28963d26ccf3cbf0f18c97

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\key4.db

MD5 fef6cc41bfbe5939651bb761502693fc
SHA1 4c25439fc2a62eacd3a72b6e9b7f2e3923171a79
SHA256 9fa2c89cce3fb9ff74372bd3ceb39d95d4dc80c2bc1cd4c2857011d0edb879fb
SHA512 a74c79fb0ca27687d35b4e5af818bbb1053ab64519fda2db67d67679c2ff91a54c35e5689e0889308150515df2fd4e4207d5a59f8c467a39b5b309e7ab944691

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\AlternateServices.bin

MD5 6c83c5cd385b7cbcc60e4539202e11ba
SHA1 85dbdc53eb207b714815367a8e46841ee3724f96
SHA256 5c40333e2909c69e957f3c609cf835fefa9978982f9f7e70be0f66c63731ca0e
SHA512 4a9aca6d0ef8b1403c6e30d74de80b17a667fd8c5d5e99921d8f100b633902ebcf646e50bc092ac595100306866b1ee6f3553e1326b622e88d6b290c467086a2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sqlm3go7.default-release\cache2\entries\10A0222AFA26BA84074326BA5AAF691B1EB56EDC

MD5 6301e00da30bc1f33353aecc3d5018d0
SHA1 c94d532841848eb371bec9538c3c72036049fd8f
SHA256 994a01aca80f73acc544220806a4ec519bed870488e7f4968fafab8b5eecaf10
SHA512 c75aad1ac96925a2faafb5f05f4198356f8154052b1cb409e78c65ca7ab964c3a393a10fd13b0c6f2858feb60c3d00248cde0cc6f2b1d718f96150d1e8e34623

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\prefs-1.js

MD5 0cf4f653f8d4b7769b5178f982d60d2b
SHA1 5646076a848dbebda8a458b667be810d2a99d235
SHA256 a3a898b197e6fb5b16836e18d2247e74cc95aad389bdd88e943d85e420a97466
SHA512 99e6e8fb6243d9fd513396e40387d21f0fcde76387369c0e6f94a4acbe2a11b139a8d1b8ff1df939fe9e1a3f869c93ab47b1d4a10bba2b939eba1247bcd15465

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\datareporting\glean\pending_pings\2f8a4330-8793-4e48-83fb-0d792b99b518

MD5 7ba153ba7013d43148902163a44b9290
SHA1 02f8a46c2c7eeecec605357e077d9490599dc49e
SHA256 9fb413945b1e7187193e8f76d809fd9b4aa91bb26f0e26fd7770c357c3c54770
SHA512 1152a4ffdab03a5c035b6b14c0b0098ca653429394eea390352c8488a79c702b4101b0d62baf590f285974914b7c51ef067c8e9fb9a666616c42c798b3d3436c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\datareporting\glean\db\data.safe.tmp

MD5 c934203383faac33985012f01e81e200
SHA1 4db9ffbf9708295912f1f9321cbdb7985be326e5
SHA256 de1761f25cb4325ba5b2052d1313017422facef8207ab4db1ac744442139cd53
SHA512 4cb5b505a93ffc90df17f32786fd2d20865c0f793d2e824a65c8260647493f24bdfcfcf5a4f5b654b539582764223ddb52d944121ffa50daf741ca919a078978

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqlm3go7.default-release\datareporting\glean\db\data.safe.tmp

MD5 dc5f42b01b1fe93a363973f4b2db8bfa
SHA1 2a18fef3bba7c3d1da320fcee2aa6489df342e8f
SHA256 9e62683fc44f0e798f707b44f8156961bf850925fe2a14c32ee7a16c66969566
SHA512 f166037cffb58120d2a0c8e9996de254e3af6a04157a4efa437ecea7c45cba8c4e7e346deae5141aeaa3026d650d5d0ce733e805fccb1e5c9cdda477465da020

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 713dfce2058d4f37bada7899e2c18c97
SHA1 848e4b02280a667b0a29fc7938689d9f3a05d8c2
SHA256 d9a81605cc5a8ebef5e6ebdadddce759b96094305e0d56af1a31bd62272ae16f
SHA512 235543c4b95747bb27d15db4c12245c58a0920391d7769073b838af39b31d082956e099c9363e81ae36c1564eff673488131af151fa8ef0a8def9fc1fcfc15dc

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 b8bf22904669c072edbf55a329cf9306
SHA1 c00dfb696d06e04f7e720f3c9460757f77937cc9
SHA256 d69a9962ceccf6eef44a35f2f5930bd2b57caaca1bf289adf7563832d3433b7f
SHA512 8630be9decfed9a73d3a653fae4cc4b151cfe270951621775db268c181b5baf10a7cb46bac2a0cb17b547c08542d1c23e6ee680a7a99cdea72ac6b7aca033db4

memory/3384-2446-0x000002612A530000-0x000002612A531000-memory.dmp

memory/3384-2448-0x000002612A530000-0x000002612A531000-memory.dmp

memory/3384-2447-0x000002612A530000-0x000002612A531000-memory.dmp

memory/3384-2453-0x000002612A530000-0x000002612A531000-memory.dmp

memory/3384-2454-0x000002612A530000-0x000002612A531000-memory.dmp

memory/3384-2452-0x000002612A530000-0x000002612A531000-memory.dmp

memory/3384-2458-0x000002612A530000-0x000002612A531000-memory.dmp

memory/3384-2457-0x000002612A530000-0x000002612A531000-memory.dmp

memory/3384-2456-0x000002612A530000-0x000002612A531000-memory.dmp

memory/3384-2455-0x000002612A530000-0x000002612A531000-memory.dmp

memory/5340-2460-0x0000000000D30000-0x0000000000D6C000-memory.dmp

C:\Users\Admin\Downloads\download.jpg.e890

MD5 c6252511bc6fc1bad890dadd6049ac11
SHA1 198dceb28b813f219c1b40d4441d3d9b41ff7721
SHA256 683985218525bde170aee2ae4e172b9f3e7db6b973cb8b31d8ebeaa3dae98b11
SHA512 22aa7475d1c4d4cb9d12d08b414dba0c243c93e960effba16a45aa40dbfec544cc73883e43990d4c4fd308c37f544d3be858e8c6606f56b5893aa650e5c3f643

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\containers.json

MD5 332d1459439502d9605d59b2c597af52
SHA1 aeee847012744a06ccd5201f288efc6c0ee6094e
SHA256 b32a837702b91f3d6c3a6a50da2e31f1cbe6384e991aefd08eb595a05dd27761
SHA512 18ebc86d13eec67ac1e3705ce9239598f1a9b7ea5d5406ae41b854caba080d4d9f9cf3965643b793e6c8561f96177aa68806bb7ecb700e8515e8ce3be0095278

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\compatibility.ini

MD5 cc26e3da3f8a18ab0edaa8ba362f9efb
SHA1 4141308059d17d5d2d075bbbbd93450e2e1d1844
SHA256 c17ced564ba3438bd8fa8ca7d3c94897882692fa8676b4ea6bf4e260e971dedb
SHA512 a5d1c757788a1b38e2f96cbd814961402bbf0a690b86ccf2a7793aab22e51dc4b5d3a2e18ec6a79fd15126955200b56f12f189e924cd0f6ccaeebb4bb5f9ae34

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\extension-preferences.json

MD5 2ac2badac6239cccb3ea58d3bbfb5612
SHA1 a1075cec8e1c5cf5942f54679093adc8a65bef11
SHA256 5fdf60428cca35107e7e230ad13cefcdcf7804d1e8e897aa223efa2cad677ca8
SHA512 e3dbfd42299a2be77fcd9ff8cd0e7eb701820ae299658061710f512b4401f7f14f88157a87ff9c54a5937acf7d764939ba009c642bc01d2517dceb913d6f4075

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\handlers.json

MD5 a2e4be6328337b95ac3bdad5bd4c0983
SHA1 0badbb13d20ca84b342d077cbc00fdd7b342fc28
SHA256 a0e0f7d600383de873dcb01474154fbbf513bdbe55638481ffce6d198399352c
SHA512 138be3384a3c874c967f0bdd56a6c1bca334deea67d21ade2ff281cfd1f10047561590520bda496b2e4d0130a42295c5ced08cd9d07f10a64ef27226f4daa149

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\shield-preference-experiments.json

MD5 285cdefb3f582c224291f7a2530f3c4e
SHA1 f816c3e87aa007b6e6d31eb6a4618695a7d83439
SHA256 704d28223a4320a853df4a19d48c7015cf79d56a5317cc3475b6305fa43dcc05
SHA512 8f1decf1e4b5755fce8f165daae115f45d6890985c9c4bbb33a6f724cbfd26db75f6da06f9ef675de20fe755da9b7f55e5ee37124296a12a520a393da159bd58