Analysis Overview
SHA256
f2d23d431e0fcff74904c0f1af74994a2f94d0e51b597b9eef97f2883e058c0c
Threat Level: Known bad
The file sample was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Chaos Ransomware
Chaos
Deletes shadow copies
Modifies boot configuration data using bcdedit
Deletes backup catalog
Disables Task Manager via registry modification
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Drops startup file
UPX packed file
Drops desktop.ini file(s)
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Modifies data under HKEY_USERS
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Modifies registry key
Modifies registry class
Suspicious use of SetWindowsHookEx
Interacts with shadow copies
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Enumerates system info in registry
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: AddClipboardFormatListener
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-06 05:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-06 05:19
Reported
2024-09-06 05:23
Platform
win10v2004-20240802-en
Max time kernel
203s
Max time network
204s
Command Line
Signatures
Chaos
Chaos Ransomware
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Deletes shadow copies
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Deletes backup catalog
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
Disables Task Manager via registry modification
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\E159.tmp\Cov29Cry.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\covid29-is-here.txt | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E159.tmp\mbr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E159.tmp\Cov29Cry.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E159.tmp\Cov29LockScreen.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\E159.tmp\mbr.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\m5juuafuq.jpg" | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\TrojanRansomCovid29.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\E159.tmp\mbr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\E159.tmp\Cov29LockScreen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700735755850400" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{D61C61CE-B343-4BA7-A304-098869144943} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{F207018D-7EB5-4496-BFD9-F5C447A549CD} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{820276DA-3810-4FF7-A0D2-4320FF83FFC0} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Unconfirmed 150861.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 150861.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\E159.tmp\Cov29Cry.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E159.tmp\Cov29LockScreen.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4964,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=748,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5416,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5448,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5592,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6280,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x260,0x7ff95e63d198,0x7ff95e63d1a4,0x7ff95e63d1b0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2296,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1952,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=3412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2412,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4548,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4920,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4928,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=5580,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=5596,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5972,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4872,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5276,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6500,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6320,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4592,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=6264,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6516,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6876,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x528 0x524
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=560,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6888,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5556,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6900,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6280,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --field-trial-handle=7192,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=7196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6252,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=2960,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=7684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6172,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7648,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=4360,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=8144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8264,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=8300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=8396,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=8420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7556,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=7560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5868,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --field-trial-handle=5864,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Covid29 Ransomware.zip\readme.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5860,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4276,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4276,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=4192,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=3892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7864,i,2922425255234807177,11652974179647065240,262144 --variations-seed-version --mojo-platform-channel-handle=7656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x260,0x7ff95e63d198,0x7ff95e63d1a4,0x7ff95e63d1b0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2644,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=2620 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1872,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=2776 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2196,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=2928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4504,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4504,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:8
C:\Users\Admin\Desktop\ico_GDIOnly.exe
"C:\Users\Admin\Desktop\ico_GDIOnly.exe"
C:\Users\Admin\Desktop\TrojanRansomCovid29.exe
"C:\Users\Admin\Desktop\TrojanRansomCovid29.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\E159.tmp\TrojanRansomCovid29.bat" "
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\E159.tmp\fakeerror.vbs"
C:\Windows\SysWOW64\PING.EXE
ping localhost -n 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\AppData\Local\Temp\E159.tmp\mbr.exe
mbr.exe
C:\Users\Admin\AppData\Local\Temp\E159.tmp\Cov29Cry.exe
Cov29Cry.exe
C:\Windows\SysWOW64\shutdown.exe
shutdown /r /t 300 /c "5 minutes to pay until you lose your data and system forever"
C:\Windows\SysWOW64\PING.EXE
ping localhost -n 9
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\covid29-is-here.txt
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Users\Admin\AppData\Local\Temp\E159.tmp\Cov29LockScreen.exe
Cov29LockScreen.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4688,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=4636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4680,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=4756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4524,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4748,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=4756,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4828,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4228,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4232,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=2636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4760,i,524273324140783645,17475692070477890647,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| GB | 2.20.12.101:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| NL | 142.250.102.94:443 | update.googleapis.com | tcp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| GB | 88.221.135.42:443 | www.bing.com | tcp |
| NL | 142.250.102.94:443 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | 94.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 87.12.20.2.in-addr.arpa | udp |
| GB | 88.221.135.42:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.143.201:443 | th.bing.com | tcp |
| GB | 95.101.143.201:443 | th.bing.com | tcp |
| GB | 88.221.135.34:443 | th.bing.com | tcp |
| GB | 88.221.135.34:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 34.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.143.101.95.in-addr.arpa | udp |
| GB | 95.101.143.201:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.136:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | dl-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 95.101.143.201:443 | www.bing.com | udp |
| GB | 88.221.135.34:443 | www.bing.com | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| GB | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 88.221.135.34:443 | www.bing.com | udp |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 33.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2bdc0be02f65930bc74a4cee88ecee3a |
| SHA1 | a8f558a54c79ac35e99f570956e150e9a739d022 |
| SHA256 | 8a7fe50d7d46a53040647f5b08b79baedce86b9fc574ff0795500d8d923d932c |
| SHA512 | 0c9c2a52e1d4785b0e8b146cfeb9ae51ba9738d15f3facb79815dff70694d57bcc4720304b082b7aaed14961fce37e59431dc6c546f9bca604a94286eb8a0b7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b19066c1970584ce9b947b53142a4747 |
| SHA1 | 1cebc407bba32c9a386457e0ad5758dc8faea91d |
| SHA256 | 50e534a1e7699b514ca893bdc5981ee3041556810b6fe686e13b259939444f20 |
| SHA512 | 241cf5de33523a0cc5b904d321061eda40407bdaddcb3c36417b5398aef4797c8b63abea9dd50122e4a9f455f59b99928f406d2a621d34a674d477c6a9a24214 |
\??\pipe\crashpad_3496_IFSUHJOLJACYAOFT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 709fcdc9a287df7da32de7b3a1365694 |
| SHA1 | f98a6a14e8b8a23cc30a67d3d9c3801a47d103cd |
| SHA256 | 8d857fc9157084962dbee80202a52bf2b640d04e6ec5ba52c66c8905fcb35434 |
| SHA512 | 2c7bff54c599d7596ae43999713e359f47f467776466ff81901932cde24b9497c82024a0c9a38d001a59bb5c986b2e5847a76d032c7494dd71ec9e7c29dbcb55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eedd7d55b397dbe5d17fdf332e2cbc13 |
| SHA1 | 93bc7343b53f5b05d473d8c9cf7d09f0913fafe9 |
| SHA256 | c7c39f307aa542cbe0a48ec56aee2296ff2eb702250b7701f2878c96716b6ce9 |
| SHA512 | 6aa61222ce610b266cedcbffddfa27b45018679915bc0a12c33ba6998b3c90bedc6eac487b316ad6dd22ae16e0a00a7198082fb92931be6e9133d76a1c816342 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c884f767c5add0cdbcf767e61874cb39 |
| SHA1 | b38d0fcddaf61b0560e86fb7a8cf77d2de86bd2e |
| SHA256 | 395a4df853e0225fe8c5a3b853265de311214f2b54d5f6b1fa4719afdceae9e5 |
| SHA512 | 8f3c7dbc038c95d27b9eae5e7ca7986927504d82644ffa97ff24d120a80e030cb39797d8c0248eac5d189557baeb0f025227f79612dbb4d672a74a15866bd775 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e7f4b08b2fee92e8f109792595b788d9 |
| SHA1 | a824df7e5a612054b83d123acaf10e04b4f5a3d9 |
| SHA256 | 75eb346c6bad142d31f8c5be660dbac4c4b37e5b2fda9f28bb34be71aa64c67d |
| SHA512 | b87ef1226502a87c0cc46ef24b7828206bb05812c288a75b0fbf27e68bf26ebec27f8c7e429784ce3d67e3874310fd701d2ade1a25834e31f9970c40ba60eddb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d566e321b9fe4c886fcecaba71a0de22 |
| SHA1 | 0395004cf3697dbe37db94189f77050e958d970c |
| SHA256 | 350ffd9162fb8d6fa771e20954816dedc55ce4c899838bb4ae9afc882297da2c |
| SHA512 | 88a80412b4a72f8eda2a6b3a4f1aece7728f04eac18cecc6a2651df6de153710562c3782dbad59e7f0b552352ec878189a18749ebb3cc86f6764643ecd3768da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 8c0002d8f00098e266cd738471480a12 |
| SHA1 | fea12e3cadfa15867e0f8d10dcf30b9cfcd58060 |
| SHA256 | 021e787e9a9758440a2f8c399ad2aee06f80558367376e37ba82c35557b32dc9 |
| SHA512 | d8f15ea00234ba9583c75b18b37657a535d2bd575a50bfdf80c8a818a4fa6c77316c0a7fa3d945ac498a42153ad08a45f0ecbd0282d87f0037d48c3faaf5c65e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | bff21faca239119a0a3b3cf74ea079c6 |
| SHA1 | 60a40c7e60425efe81e08f44731e42b4914e8ddf |
| SHA256 | 8ea48b2ac756062818bd4ee2d289b88d0d62dc42a36cb6eee5bdd2ff347816c7 |
| SHA512 | f9e5baefacae0cdb7b9c93afc43ad6ec3902b28c0cdf569e1a7013f4e5c8dfb7b389b5e2bc724b4ddfe554437320f4f2cc648642944c6f48ad2a78815acd9658 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 4058c842c36317dcd384b6c2deaa8b95 |
| SHA1 | 1085ddb12b29b79ffe51937ba9cd1957e5e229b4 |
| SHA256 | 0e562969cad63d217848a5080273d1745dc4277d210b68a769c822f2fbfd75f6 |
| SHA512 | 435a67024811360b12339e3916945b0639e2d9319e9d540b73e093848a467b030e91e01917b7fb804eb756dabce2fe53c2d7ea586554ee6cfee70e652a85924a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 9101760b0ce60082c6a23685b9752676 |
| SHA1 | 0aa9ef19527562f1f7de1a8918559b6e83208245 |
| SHA256 | 71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5 |
| SHA512 | cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | ea5397058cf416acc43ffec321de88d4 |
| SHA1 | ee9f61b93fb22376ce60b54955fe55569e12d4fb |
| SHA256 | 922885e29df2d8d9ffa1b82f319f0aee9548ec1035501e19976fe956a6ed8997 |
| SHA512 | 10716d9cd86ead431533b09004d163db002af5de0825503b0f887b222bd628038f5e5de0b7f808e24a0b05028e7f67c39b2bd8757839ca75ba38190e5afda6a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | de39e77fc09709a08614a6b229d3ba59 |
| SHA1 | 40e58828dc5b5419076bec65128cd1579964ae54 |
| SHA256 | 7148fcb486a37ccd99533243a247f50beb1c33511593593e130982bd2fafcd5e |
| SHA512 | 708e883221d329976fb527b4c524a84fe5f604c83e4a3532e38c2f22a8ca5bd22764ca5479f1a4743aaec34b2d7b5f702f25c7a045b1f13e001c29f7df38ff7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 4150aa27e7b85b4ac6e7a60867b9cc94 |
| SHA1 | daac9f3e9905c220811deeabf2e3b8ffbaa01e95 |
| SHA256 | 0e92458034fddef2602dade1470f015e3b58c907b8f5bcf537bfdfaa881e3eb2 |
| SHA512 | b07de22337316b96844567e20de27d1b617bca4e82b794a7538e55fd7c893b015169f53f0e440c104aeaf72d0355b124e97b48a6ebd1fea60704d1da737affa6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | e9136806009b13fb154b10ea61f76c60 |
| SHA1 | 72197f8479a477b7bd895a6ce3e7a2272bd60c7f |
| SHA256 | 66038df23046f210bc6ca381087a16cde175f7ad1456d23d668f175bcef3909d |
| SHA512 | 16b5b44dea48a5141ab2dccae63545379e15fddd8f6516da098600c3f2e9d58132d26acfe7d1b043e836347ea2e04d6cb56a343ed590915a516cab8d75a724ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fa5015d6f92f174826d9724e089d193e |
| SHA1 | 6c2cd4fa2132f66f43b06c5bd9ac5c169ea69a06 |
| SHA256 | 0d6c0fb170c761c0466e9016c2cb8215be26c1c0847c7c29dcd5df3f1a36394b |
| SHA512 | 76b5c1f864fb90efaf24ac4c3e7ad4a26f20a6788c255fc30b1c7d2edd71c1f0d190f59ea152753f6f4f44190450f3c3aae5d8530fe3ec299d8b2372d4e689b8 |
C:\Users\Admin\Downloads\Unconfirmed 418318.crdownload
| MD5 | 54d39ea808a6244470537178c54e9dd5 |
| SHA1 | 51fb30f7974acf82887f3785f5677b5d8199a434 |
| SHA256 | 29bc356fe0a3545f0e637afa8311b404d4ee6144f4372d816d3a841b8864bc27 |
| SHA512 | bc88590d03e1f1d69a447e6e97bf80890aaaa9f93bae3d7a660a6fffec76a536db7134327a38769b00b8b76ea4edc055cbaad788b8b90e12cd6a8507b5315e23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | d2184e9c961cd469e08fed1ac7258980 |
| SHA1 | fbe128e8a86aa6c3b263b75c0444f340898ae544 |
| SHA256 | f6e93cce3ba47d8978e188754cbb7b21e77364803c8012fc9fe1df241df6959d |
| SHA512 | a2b85c0756832096883b68d9bd401d8969d44006bce259308763fdbe599ca1da9defe0559a57eb2c9fae7afc14e189ebcf20cadb27e158bad885d3f08e4e0204 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d9315b7bbbb6d5cc052a648dcfc3412 |
| SHA1 | dcd6c17ef7858b06a35b9970745556f6cb1169dd |
| SHA256 | 3c5cfc3915b39e7198a395c82ddd1c37500ad0aa79eeb63b87df5a73abc17870 |
| SHA512 | 5eb51d57465ff00883ef5166c53ea96758107497f17f383b595c4a1ffebf303e7bb8a22201e97c21e4aff2cdb03e47b8c39b538f26d0c3f8f42797de1f694183 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 16f981335f53fe755313f9b4baf849fb |
| SHA1 | fec464df886b5af194ce204f79a425a5394c0a57 |
| SHA256 | fa52637729535037aba4fdb8731e5cdc15094b505e889ef4a1ff9516bf362be3 |
| SHA512 | 0351bc39572508919c106e7b86c29c8297bea49bd783037e6c674505b9ef5b96102f601465c837ea38f13079bcd765209ff9641d2f1a53a0b3d70d60b976f698 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | e65a86fb8061af9fb1cf7184872ebf75 |
| SHA1 | 793fd69c89789fee33bf17e7424ddb6543367e36 |
| SHA256 | e2498ea761414fbf7013811375b9c9286ceb2ae1917c7407b754aee7718dd905 |
| SHA512 | 6a6da51bcb03b6b8d2c3d1aace9c4a432ae1811478800eedbf45afaf9b3199507bfa8b5e78e07a088c645637986d186f7c4aba4b906a0dd6e5cbf959e6b5b5d9 |
C:\Users\Admin\AppData\Local\Temp\14709fc4-a8c1-43f1-ac6e-ef1d5957cb0f.tmp
| MD5 | c2c802b751e5a25b524b9369f583c371 |
| SHA1 | eaa3ed8f1c656c3ffb0a434241e65f2dd181ba4d |
| SHA256 | 930ab1d5fcd9864c45ad88911b2b13d84b379d0081dbfa114089eb4750c7d04f |
| SHA512 | 72716b0c22b82ae3e38e21ad8fbc3c738da8bd3ac437e6ca0b022e0094c1d13a2f65f61e6a5c7fad6ee3fc6240990caa73cd8b0e53cf330a655457c6a2b0c37c |
C:\Users\Admin\Downloads\Unconfirmed 150861.crdownload
| MD5 | 272d3e458250acd2ea839eb24b427ce5 |
| SHA1 | fae7194da5c969f2d8220ed9250aa1de7bf56609 |
| SHA256 | bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3 |
| SHA512 | d05bb280775515b6eedf717f88d63ed11edbaae01321ec593ecc0725b348e9a0caacf7ebcd2c25a6e0dc79b2cdae127df5aa380b48480332a6f5cd2b32d4e55c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 0acd1d21aa1d9147d3c7831793a3a214 |
| SHA1 | b05d36c28b3684db3e6da2777d769b665ad81886 |
| SHA256 | 1ae6bf66ba456467686e673ab9828ecdc7783b525046f612bfe4b6f103f27cc0 |
| SHA512 | 6e7226fd69c0a9d29278f3b665f458092ce78dd5a64e4e907587072fded28caeb82d5cd2d5aca549028aa86331a387fa1e08b5de6571ba216f8f7b748e469b3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 9e933688ffdeea5e50758aa4bae46e2a |
| SHA1 | fc8bfa109a994de00250e7a5439dd5c1129a11f7 |
| SHA256 | 3077a3523f3cf59778d0d5adfcb777390d4a70deec1d194747aa9b7278468469 |
| SHA512 | 961e5325d58925793532ead00bad65821c0138b8aa1017dbcd08ad6d46f42e97705b89fa4859fefb85460bb10c6f4faa8a9d9cff9852e1c9fa565d48cffc4b21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bcb4204befe148b18d50b3d2b1d0d5c2 |
| SHA1 | dc060c9dc4622ac56b619b6aa3b4b64118e58fc8 |
| SHA256 | 2003972bcd5de53f108dafaed46f177ad962935d41a19889912c1edacc5e2800 |
| SHA512 | 3f8cba9356546384219eeb3e81a6f7a1e2a2e361e9b27d12ca8ae16ce82144b12c5a4590cae4bd4d8678b57c4e61628d66326bdb0e93cc6eb2bcca4289dd5f1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dc51104be860b7118cc98a65cf04a373 |
| SHA1 | 713cd865ad78ca612c296ac2f49bba36d2fde016 |
| SHA256 | bd9bd63ab1efb221baa205cc9e4a7b556d6b591dd664cbb29d47296c64e940a9 |
| SHA512 | 28b07b32f5dc72912515ee749d90351598c663671eb82594a49c546954483ec27fe61d2e36cc9fa6cc2179df0579f99c82b4cfae7ad75dd3cb68820abced070d |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | 0ad098a7e8e8e1d6c1322704883e89f1 |
| SHA1 | 74971f5f9757a1f8c61b7ad2515209c40197458f |
| SHA256 | 98ad0e1935a26bd591a02158e54a8b10f8b56de2aaf6cb724b50c906436626a3 |
| SHA512 | e395abb6fbd20ed8274512d35481a88bd6ccb6c4b01d7701cbba82a042e0c10d17f116f2d60cf2ce6bc05b653dbb9b3dd3a9ad61c392753ee42a2d9c1d0c78ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 086f920ca22698a98c2a5502713a2087 |
| SHA1 | cdb8c22df17070b70af1749cfc9ca7d05f0e5757 |
| SHA256 | 872d67e72ab846664bf1b87a32e97fee99c6f736d591fcc9f612dc4605a8590d |
| SHA512 | 941b579d09d729fe0dcab3dd1d76307dc978a0fd75d7964f2eb07fd36a473628acd9a321e8cb9559fe4dee8ea7b8de3711c273c2d688591cd062fa61b0fd42d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aad0613bf27407366bcc01088b832680 |
| SHA1 | 832f52bc1f44fd50ee87786d767a1fad7ff11b7b |
| SHA256 | 9c275d453a0782e1aca78f0909684aeb2604a826eb7d643a60168a54aad37585 |
| SHA512 | 4f28b0ba5016a5ce75b0f48407d8a0f61ec91647697c3df981b85dedac7535ef304623129d7ba676028ae286c34f07bfbcbbd0280cece81411e9d5d168f28ae8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 2c8378e28154bd463d29395bcca8a8bd |
| SHA1 | 0ddcb57d3c2bfbed6fad3f2ae5ef4c77a39c74e2 |
| SHA256 | d893e420313c3358c1e9440bda87eda13624cf8a2df11f063e660e422544784e |
| SHA512 | c613daaa7f9af5f67c3c6fc35bcbc511824967a5688a46eac8fd5582d9321fe25d4cb4b81d0b3b23f7a2d1a0c63aa92de86a50ebd2108862822eddf43c444f36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 9aeeec55943b28b0cde8bd018afcc809 |
| SHA1 | fd383542a7d69fcb265c070e53554b77b8ee0585 |
| SHA256 | dc3300df65ab1ff2faafdff67d48b539c4b91142b4be0096258c51ca4f43f603 |
| SHA512 | fc73b45bea54b43821ab8d76c6628808b6d1d0f73c7b1dbee9485643ee237f6b064d953709c687d95a743982b880d7117c7f78bc394622f1c682235052fc1d60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 433725b4bde3636bc32c47141086c328 |
| SHA1 | 1dde5aaca9f053e387a4f6f9b6d0444926769d79 |
| SHA256 | 42f375e7d3fb51496cf23447933650949a79f1291845dd4348e8a749062baf37 |
| SHA512 | 6a4c46e6737191127510820d0db35101e2f8a249106767eea6540acdbc4154ac9a25f1e6461716cea32f548c270c29f69727c3e1e341c21a927b548acf9e7b59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | f90918aefe751f54979d073c3e8fd023 |
| SHA1 | c0c0e5129d1bde68098fe7c5a0a3d6492442251b |
| SHA256 | ce1bc7b23b44129d182420c9d2de19585dc6d6084dab39fca5c9140d509c7b68 |
| SHA512 | 2457eb760e30d1c8d67d6160d983d46f5c8732c35f871e33bb1451b15d5a86f1d060edb2f3016a342180a2d82fc3730866146a30d4fc142945bc3969cfb5289c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a6bdbfa8aa65b85858f4075299b9b177 |
| SHA1 | 0909839f5a7156ad85b3ffc57eddf1ca002156d3 |
| SHA256 | 2bab7bd05e190bf7d9d9b93fafee9a6b246aaca751b69af494345c59a9c48e8b |
| SHA512 | f028d5a7eba53a11d731d9d1d1cc6361517231c52ade6d2840493616c494d445ab9e56580554a23ce5cfe020dccacaef75b1149386892ea8714233ded62029f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f2846b55675e9c90a3f4439181a0910e |
| SHA1 | 291b8b77c2ce9267e8b2509f8146071344878a47 |
| SHA256 | 5d8ec5990cb34573e5269ea288e71a2152dbce0468ad55bb83f6e99f48edceb2 |
| SHA512 | 36d926c9e20978d76608f5adb8b5b32f3be759075b3eeec29080e911076c14f7c0aaa1e6353fe4c1c675608529b6ca2e5bbcc6980b37f9d771c47784de35d765 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | a4b2bf0dc4ee6d50a519ed3845e77f16 |
| SHA1 | 060b1bd1581c09bf8c48cb4f49afc64e2f68b904 |
| SHA256 | 23d8bd59a20cf823418b8d9e73521965a5169416b2fb15ab9c2ad072285a85e3 |
| SHA512 | f5e29ba62b58bbb24dbf56f0b30a024bced397a4cfe48cce4206206a9ced06cb6ca0342563a833d0af5f8d0d4f3cc7231039b096decba2de4711f62f0b979f0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1
| MD5 | 7d7c9082468b1858eb5d2ab625aea85d |
| SHA1 | fa4d921b816ff858e2a7ad18e90e50c3b994ddb0 |
| SHA256 | 005fbbdbcbbf88cd9a969f65880b6d97288dbebaf1d224e009d4cf7df116943a |
| SHA512 | a116dfbeb0e7c8082b6ebc7f43c58016ea2a8834df0ce5cce433ae982f5f97ed4127b725773264e69152568e369564ac79b1a95cedfeb226ec99e8791a231dee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 59301de32f7ccb0220d633d46c346851 |
| SHA1 | ed2d2493d7d9844b0c2a532aa0a6b0428be44f08 |
| SHA256 | abc326a89422e1d6888e30089fd40a3674af467393d0192ed9d9e65a5cf945af |
| SHA512 | 942a22181b4085a671c299d26a3f4900e718c40fd6c5bf497b391205f2cda14dd8bcdc415b6523e5d4464bec4fb10f82b1303d337fae232ff7cb8c36ccd2cb9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\66224ed3-62b4-4483-acb5-84474719094b.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | ac4c4890fa7b92d5f076e94b226f42af |
| SHA1 | 15af973f75d3440b01f9b849d8a2ab7de4dd7bc4 |
| SHA256 | a2f3c4f186f667d67c725d82bf27ccdcb0f760447fb3ec2abed61f2107105051 |
| SHA512 | cd38b78aab26318c948e583ed3db13c21c76c9d83141f3ce5c45a3c74733e6e9e1329ca5afd4fd8910bc9f9536143ef491e74c04e10a5a38734d4c56d26e5c9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | b07f576446fc2d6b9923828d656cadff |
| SHA1 | 35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103 |
| SHA256 | d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496 |
| SHA512 | 7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 209af4da7e0c3b2a6471a968ba1fc992 |
| SHA1 | 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f |
| SHA256 | ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403 |
| SHA512 | 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 6b68456d7b3dbf3c7c686c38c435c262 |
| SHA1 | fd0da7a00d446d992884469015823561d223190d |
| SHA256 | ae9773eb39d757624845e92cea5c94638ebf43af0ecc0583ebebc1a33df3c812 |
| SHA512 | be190bc17dbc5a4e1dd0b4713e44b33671b1d5335f9ce894e85d55ab1d21ffbf4ee0da1177bcd8c06a0267be70985570ab16152b28dc482facf2c908c57b8da9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | 8d929c11b582b482e86588bce4becaba |
| SHA1 | e57f21f94538596a0b7a71d683d796dcd3e358e1 |
| SHA256 | da414d0d5f36ab1cdb7857f0eb2a3de81c5323daa039d4558fe82ce3759df77e |
| SHA512 | 31a84fb32b8e8b25fdd28f76dff2cfe5b0eb59fd51e619e862c73f9d4ef740541aa78cefdfb2b4fb7fb5a98b5c9041bb0145693bd9d27841140b1565df5c56e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 6f95ee05998b9294d00e152a5f0b2646 |
| SHA1 | ca5149b1719b4c05286172b4528d4bde7dabe1e8 |
| SHA256 | f0e606e92305e3e6370cbf7956489007d55d6bb80e06cfa4412dec7db60aa378 |
| SHA512 | 838c02bc5899da88c21628f0f7604af169f8bb9830a4b3def60973340658f81e8671abaf4303b370a04c980a6e4ba2d7e7a2a091e56a29156706ae668d3562c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3
| MD5 | 63cb5664d485f394d746112433f4239a |
| SHA1 | 52dda06193e2bffd4b8901ab71c52d2ea17e4b47 |
| SHA256 | bcb22e240facdca158eb0979421468961b22242a2fa81ec36686b31e24f2130a |
| SHA512 | 1c36d42822d966956e09ea887849bf82c72f2e0b4669c50ea0d7ec2ab72fe3b6dc0206b0a58f697771845b3a4e93c2e1da0c7ae8dd1a9163107f1f34ea70f3e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 2b7814618db42f997f9a63b2822b6686 |
| SHA1 | 3e76389ed24461f3ab44de07a24a2a0a9b54d9b0 |
| SHA256 | 0ec04fe8bcaa725df56f5b19795749056fdd40d106fe06263d0fbdce58f44c25 |
| SHA512 | 8170725336c6dccfd0f4cfd7dca6ccc48d1a5f2b3f89d91fa81a1336cdbcc6b60f23b24be45047a798029ef1b81ba2081039e3a258afce6faf93f934d74666f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 935f7270e7bc2af9714bb764f66a204e |
| SHA1 | c17fe2cce1b996c7e81dc631e2e98d79f16a3c44 |
| SHA256 | 1583bcf3090ab445a916059b8f262021a2e8e63d4523623a31b9f6d1f0d848b2 |
| SHA512 | e26102eedd1312d5a746468c23a45e359aa92511cdc2b48a4f880d1a08d94e131f80e5a94c8bfedc31d281e345601f428748a1e2c4b2906aa62846e9bd025b59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0
| MD5 | c804f7c1ed4fba8fd9a624b2c33b509b |
| SHA1 | ff0f4ea7dfdcbb652830e2da3ef5fb0c579f7558 |
| SHA256 | e70c47c812969f6820afc0d594b01a6a2af7ceb376c9d7a71bc912c4faf5fb8a |
| SHA512 | 5067ee297d00588c96845d7aba6094aaab9a8a8208055251e702446d764e12aa8d9be488c30adfcbd6c5df0e80c959010c7a8eecdafdc74256bb0834c6d0abdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 13d9fc5a8e6a08c0c5a69771aabababa |
| SHA1 | 575aca095e2a6e479065b6999536cb2212605c94 |
| SHA256 | d0dd30b3b1ddad3590ddb36cbf8c1e4d5419c3e0da25663f37dfd10ace3db618 |
| SHA512 | 9589ab0b2cdae83cdf32b276bf5c10de5769f1c2248c648b4583dbacda2b7aa317e18b2636b2c3bb22b0cbe79c49a37d08611ef088c77e548cf05bf6ac430ddf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | cd7a3e16bb9b77ad8c56812aefc7e701 |
| SHA1 | f2412e7ac045f4b4e7f249a7dcef0b7566567375 |
| SHA256 | 0e0c08ee30fe1a5fb2d83663ef3b8be02211f949e14e5b71a14dd5835c886adc |
| SHA512 | 3cb868c320efd2d4809d6d58d17eab139b350dd028661937752af150e10664600862e09ede3b409cc2d6cc9d227a39a8495669d442cf3c862328dddf46226fed |
memory/1636-1556-0x000000001C480000-0x000000001C94E000-memory.dmp
memory/1636-1557-0x000000001C9F0000-0x000000001CA8C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\955c713e-8882-4ded-b08e-2e414f23b519.tmp
| MD5 | 949e2cfc811fdb990b6737accffc0b06 |
| SHA1 | 7c25ce02d78bd40fc92a8ef357bb990df598613a |
| SHA256 | f4e50c4a92d737ad47a76b5a9c8646c78b44289b46b06bba5baf5a8404724590 |
| SHA512 | 4f9c7f5d83cfa303ae77bcc61e9e2d2d44ad9463c90771af2c307453a80202cf44682844d45d68ba19bc2a2b3c6cb7dc9ff7f66c0727c666d83e2086afdf9671 |
memory/5932-1570-0x0000000000400000-0x00000000005D5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E159.tmp\mbr.exe
| MD5 | 35af6068d91ba1cc6ce21b461f242f94 |
| SHA1 | cb054789ff03aa1617a6f5741ad53e4598184ffa |
| SHA256 | 9ac99df89c676a55b48de00384506f4c232c75956b1e465f7fe437266002655e |
| SHA512 | 136e3066c6e44af30691bcd76d9af304af0edf69f350211cf74d6713c4c952817a551757194b71c3b49ac3f87a6f0aa88fb80eb1e770d0f0dd82b29bfce80169 |
memory/5828-1593-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E159.tmp\Cov29Cry.exe
| MD5 | 8bcd083e16af6c15e14520d5a0bd7e6a |
| SHA1 | c4d2f35d1fdb295db887f31bbc9237ac9263d782 |
| SHA256 | b4f78ff66dc3f5f8ddd694166e6b596d533830792f9b5f1634d3f5f17d6a884a |
| SHA512 | 35999577be0626b50eeab65b493d48af2ab42b699f7241d2780647bf7d72069216d99f5f708337a109e79b9c9229613b8341f44c6d96245fd1f3ac9f05814d6a |
memory/3436-1595-0x0000000000E20000-0x0000000000E40000-memory.dmp
C:\Users\Admin\Desktop\covid29-is-here.txt
| MD5 | c53dee51c26d1d759667c25918d3ed10 |
| SHA1 | da194c2de15b232811ba9d43a46194d9729507f0 |
| SHA256 | dd5b3d185ae1809407e7822de4fced945115b48cc33b2950a8da9ebd77a68c52 |
| SHA512 | da41cef03f1b5f21a1fca2cfbf1b2b180c261a75d391be3a1ba36e8d4d4aefab8db024391bbee06b99de0cb0b8eb8c89f2a304c27e20c0af171b77db33b2d12c |
memory/5932-1673-0x0000000000400000-0x00000000005D5000-memory.dmp
memory/5932-1675-0x0000000000400000-0x00000000005D5000-memory.dmp