Analysis Overview
SHA256
4719b38e7a276b43099ce4d6349e6bfc80edf644ee59d9dafd264bc7ed7691f4
Threat Level: Likely malicious
The file VirtualBox-7.0.14-161095-Win.exe was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Enumerates connected drives
Drops file in System32 directory
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Drops file in Program Files directory
Loads dropped DLL
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 17:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 17:17
Reported
2024-11-13 17:20
Platform
win11-20241007-en
Max time kernel
168s
Max time network
173s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\DRIVERS\SETBA62.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxSup.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETCC36.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETCC36.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETD2EE.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETBA62.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETBB3E.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETBB3E.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETD2EE.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetLwf.sys | C:\Windows\System32\MsiExec.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{04c42245-3c23-2c42-8f2d-6e9b0c5eafdc}\SETD195.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{692b6912-ca33-5147-9676-2e473d3d322b}\SETBC56.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c3008a3d-7975-004d-bd88-f01036bed247} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{04c42245-3c23-2c42-8f2d-6e9b0c5eafdc}\VBoxNetLwf.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_8074ac14f1ab2957\netpacer.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{c3008a3d-7975-004d-bd88-f01036bed247}\SETCAED.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c3008a3d-7975-004d-bd88-f01036bed247}\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_ee187df79249cd72\VBoxNetAdp6.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{04c42245-3c23-2c42-8f2d-6e9b0c5eafdc}\SETD185.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{04c42245-3c23-2c42-8f2d-6e9b0c5eafdc}\SETD185.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_72f156a5ee3f59e8\netrass.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{04c42245-3c23-2c42-8f2d-6e9b0c5eafdc}\SETD184.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_882899f2b1006416\netvwififlt.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c3008a3d-7975-004d-bd88-f01036bed247}\VBoxNetAdp6.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\VBoxNetLwf.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_bc519c177a90877a\c_netservice.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{692b6912-ca33-5147-9676-2e473d3d322b}\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{692b6912-ca33-5147-9676-2e473d3d322b}\SETBC57.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{692b6912-ca33-5147-9676-2e473d3d322b}\SETBC67.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{692b6912-ca33-5147-9676-2e473d3d322b}\VBoxUSB.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{692b6912-ca33-5147-9676-2e473d3d322b}\SETBC67.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c3008a3d-7975-004d-bd88-f01036bed247}\SETCAEC.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{c3008a3d-7975-004d-bd88-f01036bed247}\SETCAEC.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\vboxnetlwf.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{692b6912-ca33-5147-9676-2e473d3d322b}\SETBC56.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{692b6912-ca33-5147-9676-2e473d3d322b}\SETBC57.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c3008a3d-7975-004d-bd88-f01036bed247}\SETCAED.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\VBoxNetLwf.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{04c42245-3c23-2c42-8f2d-6e9b0c5eafdc} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_0525128a3d54207e\netnwifi.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.cat | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{692b6912-ca33-5147-9676-2e473d3d322b}\VBoxUSB.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{692b6912-ca33-5147-9676-2e473d3d322b} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{04c42245-3c23-2c42-8f2d-6e9b0c5eafdc}\SETD184.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_d34968d7b3e6da21\ndiscap.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_3debe5e78bab1bca\netbrdg.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_10acfa4b924dd181\netnb.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.cat | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c3008a3d-7975-004d-bd88-f01036bed247}\VBoxNetAdp6.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{c3008a3d-7975-004d-bd88-f01036bed247}\SETCAFE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{04c42245-3c23-2c42-8f2d-6e9b0c5eafdc}\VBoxNetLwf.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\VBoxNetLwf.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_56c163d21e8c2b62\netserv.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c3008a3d-7975-004d-bd88-f01036bed247}\SETCAFE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_ee187df79249cd72\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_ee187df79249cd72\VBoxNetAdp6.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{04c42245-3c23-2c42-8f2d-6e9b0c5eafdc}\SETD195.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{04c42245-3c23-2c42-8f2d-6e9b0c5eafdc}\VBoxNetLwf.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_bg.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_en.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_es.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_nl.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ol9_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxNetDHCP.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxBugReport.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxNetNAT.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VirtualBox_150px.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ca.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_ka.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\platforms\qoffscreen.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\doc\UserManual.pdf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ol_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_uk.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_eu.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_hu.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_nl.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_fa.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_pt.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_uk.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\fedora_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapi\__init__.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_da.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_eu.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_th.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\sqldrivers\qsqlite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ol8_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_bg.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_zh_CN.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDDR0.r0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VirtualBox.VisualElementsManifest.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxManage.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_id.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5WinExtrasVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\vbox-img.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapi\VirtualBox_constants.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_hr_HR.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UserManual.qhc | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxWebSrv.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_id.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxAutostartSvc.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_el.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ru.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_ru.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\win_postinstall.cmd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\platforms\qminimal.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ko.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\os2_util.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\INF\oem2.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFBAF746058998FD8E.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e587e43.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB539.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICA9A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBA0D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID3A6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e587e43.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB060.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB0D1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB2C6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID123.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem1.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB002.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB071.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e587e45.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem5.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB072.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB559.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBB76.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem0.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{8DDF4B7A-DE1A-4619-B426-959B44E40A87} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBB08.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID134.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB305.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem3.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID443.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF5B31F6461E025CDA.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4D87DF11C564D82C.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF2D8CE410FCFF3B5D.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
Loads dropped DLL
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759920183531452" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F05D7E60-1BCF-4218-9807-04E036CC70F1}\NumMethods\ = "14" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3DB2AB1A-6CF7-42F1-8BF5-E1C0553E0B30}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{4DA2DEC7-71B2-4817-9A64-4ED12C17388E}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{AAC6C7CB-A371-4C58-AB51-0616896B2F2C}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C0447716-FF5A-4795-B57A-ECD5FFFA18A4} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{a0a7f210-b857-4468-be26-c29f36a84345} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{024F00CE-6E0B-492A-A8D0-968472A94DC7}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{6F89464F-7773-436A-A4DF-592E4E537FA0} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{DD6A1080-E1B7-4339-A549-F0878115596E} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{ADF292B0-92C9-4A77-9D35-E058B39FE0B9}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{d23a9ca3-42da-c94b-8aec-21968e08355d} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{269D8F6B-FA1E-4CEE-91C7-6D8496BEA3C1}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{300763AF-5D6B-46E6-AA96-273EAC15538A}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D0D93830-70A2-487E-895E-D3FC9679F7B3}\ = "IGuestFileRegisteredEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{F01F1066-F231-11EA-8EEE-33BB2AFB0B6E} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0b3cdeb2-808e-11e9-b773-133d9330f849} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{9B6E1AEE-35F3-4F4D-B5BB-ED0ECEFD8538} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D803B4-9B2D-4377-BFE6-9702E881516B}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{101AE042-1A29-4A19-92CF-02285773F3B5} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{25360A74-55E5-4F14-AC2A-F5CF8E62E4AF}\NumMethods\ = "26" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{6620DB85-44E0-CA69-E9E0-D4907CECCBE5}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7569351-1750-46F0-936E-BD127D5BC264}\1.3\HELPDIR | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D88F2A5A-47C7-4A3F-AAE1-1B516817DB41}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{45587218-4289-EF4E-8E6A-E5B07816B631}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{6DDEF35E-4737-457B-99FC-BC52C851A44F}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D78374E9-486E-472F-481B-969746AF2480}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{392f1de4-80e1-4a8a-93a1-67c5f92a838a} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D37FE88F-0979-486C-BAA1-3ABB144DC82D}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D8E3496E-735F-4FDE-8A54-427D49409B5F}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{7191CF38-3E8A-11E9-825C-AB7B2CABCE23}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5155BFD3-7BA7-45A8-B26D-C91AE3754E37}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{181dfb55-394d-44d3-9edb-af2c4472c40a} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A88033D-82DB-4AC2-97B5-E786C839420E}\TypeLib | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{00892186-A4AF-4627-B21F-FC561CE4473C}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{2405F0E5-6588-40A3-9B0A-68C05BA52C4B} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{0CA2ADBA-8F30-401B-A8CD-FE31DBE839C0} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{0DE887F2-B7DB-4616-AAC6-CFB94D89BA78} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{758D7EAC-E4B1-486A-8F2E-747AE346C3E9}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A443DA5B-AA82-4720-BC84-BD097B2B13B8}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0A0904D-2F05-4D28-855F-488F96BAD2B2}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A06253A7-DCD2-44E3-8689-9C9C4B6B6234}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A85BBA40-1B93-47BB-B125-DEC708C30FC0}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00727A73-000A-4C4A-006D-E7D300351186}\NumMethods\ = "14" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC68370C-8A02-45F3-A07D-A67AA72756AA}\NumMethods\ = "33" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADF292B0-92C9-4A77-9D35-E058B39FE0B9}\NumMethods\ = "19" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{AF398A9A-6B76-4805-8FAB-00A9DCF4732B} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A06FD66A-3188-4C8C-8756-1395E8CB691C}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EA05E40C-CB31-423B-B3B7-A5B19300F40C}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C19073DD-CC7B-431B-98B2-951FDA8EAB89}\ = "IHostUSBDevice" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CAC21692-7997-4595-A731-3A509DB604E5}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E8C25D4D-AC97-4C16-B3E2-81BD8A57CC27}\NumMethods\ = "14" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DE887F2-B7DB-4616-AAC6-CFB94D89BA78}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{755E6BDF-1640-41F9-BD74-3EF5FD653250}\ = "IKeyboard" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{9DB3A9E6-7F29-4AAE-A627-5A282C83092C} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C984D15F-E191-400B-840E-970F3DAD7296}\TypeLib | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B66349B5-3534-4239-B2DE-8E1535D94C0B}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{758D7EAC-E4B1-486A-8F2E-747AE346C3E9}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{88394258-7006-40D4-B339-472EE3801844} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7932CB8-F6D4-4AB6-9CBF-558EB8959A6A}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{D37FE88F-0979-486C-BAA1-3ABB144DC82D}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{28935887-782B-4C94-8410-CE557B9CFE44}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{81314D14-FD1C-411A-95C5-E9BB1414E632}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD3E2654-A161-41F1-B583-4892F4A9D5D5}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe
"C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 31EDE9B8C5B5CF54CE5DD962D40BB966 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 7D4A371C8D4C6F8C67D18A2B029639C8
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C5C6CC504BCF21D923BEAC4EA7E64B7F
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding A6DB42BE402F757E941F56912B5321E7 E Global\MSI0000
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "48f6bcb47" "0000000000000150" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 3781D5647C83CBFAD6B4273B1551DA7C M Global\MSI0000
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000160" "WinSta0\Default" "0000000000000164" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "000000000000015C" "WinSta0\Default" "00000000000000F0" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding
C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe0626cc40,0x7ffe0626cc4c,0x7ffe0626cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,527605258520884070,18235440872994255756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,527605258520884070,18235440872994255756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,527605258520884070,18235440872994255756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,527605258520884070,18235440872994255756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,527605258520884070,18235440872994255756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,527605258520884070,18235440872994255756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,527605258520884070,18235440872994255756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4692 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4464,i,527605258520884070,18235440872994255756,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe215d3cb8,0x7ffe215d3cc8,0x7ffe215d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13095840591649396670,4070354496731531945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 255.255.255.255:67 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | e.9.1.8.7.b.f.8.a.c.6.c.2.8.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 255.56.168.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.56.168.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\MSIEC06.tmp
| MD5 | 3e96d4bbea9f87cccdb9f1ba6d14309e |
| SHA1 | 1de6ef91b7d961ea5cbd4e23ca14174dc966b4e3 |
| SHA256 | b5cc30d5a2678bf4a8d1889e1db385bccac012156562551e6c508e0801e912ff |
| SHA512 | e25fcca4699aaeae4f0953c69b65b2ea150c0049c5cf5e4370e279617d6553461f7ce2729fce049d4118ff66c2cd3f7eb537e0fcd8249fad32ce17373cf4b9b2 |
\??\Volume{50662fab-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{ee23f1c9-d83d-4ce0-afa1-470f8396c3c5}_OnDiskSnapshotProp
| MD5 | 055ec6c1baf15873f385fd5c57cb4a8c |
| SHA1 | 4e79ae5e5eb7896a474f8326db4dfb9483749a03 |
| SHA256 | 6a02f7f14481d15a52882d4abeca725cea3e02a8c781beba0e2e0c6d3b1eb914 |
| SHA512 | 16d4297764bffe82455a5d5c17a8dd825c9c36907b51643228bde762c24aec1c6600508595ae7c0e58bd928ec95a1661f8e779e8dca3e5f5455adebf8ca8b4c5 |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 4b9edd6d7682c2308d5eaee042dd15d0 |
| SHA1 | ddeec398fb7989ae4dc08178a1267a72d6b548cd |
| SHA256 | 65ef0eb9f9e17c504a7dba46edc7ba19c3d583e20cb9602e58422c2e8a205b4d |
| SHA512 | 38a1c2b7c35e9e03a4eeb60ec909ef95a2fe1223ee369942a61e8cb29f979100ba073e87eafef3a68b3fbf9b1b94f3f9229b5be878f5ca8a9b1b69a4a18cc495 |
C:\Windows\Installer\MSIB072.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
C:\Windows\Installer\MSIB305.tmp
| MD5 | 418322f7be2b68e88a93a048ac75a757 |
| SHA1 | 09739792ff1c30f73dacafbe503630615922b561 |
| SHA256 | ea5d4b4c7e7be1ce24a614ae1e31a58bcae6f1694dd8bfb735cf47d35a08d59b |
| SHA512 | 253f62f5ce75df3e9ac3c62e2f06f30c7c6de6280fbfc830cdd15bf29cb8ee9ed878212f6df5d0ac6a5c9be0e6259f900eccee472a890f15dd3ff1f84958aeef |
C:\Windows\Installer\MSIBA0D.tmp
| MD5 | 8deb7d2f91c7392925718b3ba0aade22 |
| SHA1 | fc8e9b10c83e16eb0af1b6f10128f5c37b389682 |
| SHA256 | cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4 |
| SHA512 | 37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c |
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.inf
| MD5 | 73baef81f0ea58b6dd1b8e38e199e567 |
| SHA1 | 66e89f5fee1ebfa980160984940bd5fa910b7180 |
| SHA256 | b24d35b010526a896ddd4108f10e235054593d79f5939a2d484da12517d351a0 |
| SHA512 | 978a94895e7a9d88eff50f4b552ba7ebdf73b4654d48590afda8b09cddd3d188d11d4bfcad3cac374348237b69d249467ccf04159c88da9fb783fb65d49f14aa |
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.cat
| MD5 | 0b017252806546852e7808267d223e93 |
| SHA1 | 5018924056e84eaba285bb0de5b18677dc64c518 |
| SHA256 | dd54bdd004785dc8e0b0824f49b6ec0665ac0d4623162c3d9dd636ec11dd3a25 |
| SHA512 | 155c330306ca91a4991ee9a5107a2339630e9cd34696206c7ae1526cd2b9fd092753f52cba2ff8bb0da6bb69fdb19fc6f9aaaef6473b5f5765aacd201573dff7 |
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.sys
| MD5 | 6276906d6a4ee29b29ca50b4825d4098 |
| SHA1 | b542ea87c12b788c87ed693d549fcffd562c354f |
| SHA256 | 73fa8b463ee9a95930d98da3f9dd0637e63f06e8cd510bcaa285d91e4dcae2c7 |
| SHA512 | bab6e0947bcc54b95e504e24d5305dbfb7d6c1e60795655a5c308c0a9fd2433bf4449b838f8cbb021479dcf6383f853445f719c8347a7e13f1e05b622b09207a |
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf
| MD5 | 16ea0763f8e734401a17973aa0aa366c |
| SHA1 | f206e753616e3ffda643a2f9c657df591020ee93 |
| SHA256 | 23cfad6bdfdac3f08ac6f9d7b79292affe78c834d19939a3a554c2844f54f452 |
| SHA512 | 0d7504e67cdab21733f95188776f1238c2f532d7aeb372963c221c33f2d971e0745ddc86862935c15ab8ed812a0cd77818cffefab221d5f4cac6ac8d8cf43563 |
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.cat
| MD5 | 421e43a41fac5422bead785c7dafece6 |
| SHA1 | 4dc22822e5ed15cfaf42864cc0f1e63ebc74d076 |
| SHA256 | 0d80dc9215057156589b2345f793df8884b6d684e83b1ac725c4e47debd6759e |
| SHA512 | 2d3af370d66e54b260c4ee27c01dd6f97111949593b05fdddd9d1b4a58f882982a96a3ae1628a3ddc7dc7a6e2729842723c1fcd62a180700390c6214b1d751c1 |
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.sys
| MD5 | ea4f74bf86589c6e8f0fb2866b3820aa |
| SHA1 | 17a542351d8cefbc25ba2a184f80a6897566ac7b |
| SHA256 | ade2e8d684cb59bfea99ad09e55bc5f2a808d824c2905ded1366b7d32e906529 |
| SHA512 | 397a2129d9df502636776d49c62ce2887999f3e24f975905f108bf7c2a7196e0227f20f7644cceba9513384781f2988c6e1ce8047f705c872fb3970ce15466cb |
C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf
| MD5 | 9cbb45c10d1d5920e4d9320e8dde36d4 |
| SHA1 | 3efb47a5381654a7f996c4049ffcb7ad671f2c3f |
| SHA256 | b97746731c3f8ceb709020ef1be969721b004f001ea2e55f61a0c395d611b109 |
| SHA512 | e72d534560789d15a6bdaa481d022fb5111b75e8321f0e1947e653c598e7cb8ed1ca25dcc01a4c341cc7bb0fca133f6c92bbb7f3cfb188fdafa0babc7d558ee1 |
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.cat
| MD5 | 351ea41c61b4b84fbc0a461b1768e104 |
| SHA1 | e9fb74d027a25e4298eb751e2ae156c8806428c6 |
| SHA256 | 36b73da2bc1b809022fa8c8072a52d082a869243dd78b08dfcf75f1146255a31 |
| SHA512 | d0b2f30bcce8e324856f6184f50f7bc24ecf220b575c14166a81ebad7acaa3b14250aefce10e095bb90ea0565be85c7638a03ea289f61c46921b800d3b5a5b5f |
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.sys
| MD5 | 4669d1db0f07515d41f21f308b4b390d |
| SHA1 | 3400d9f8ce5541e5fd59f546a7a44d98ca7eb331 |
| SHA256 | a6c70813d6afd3c9e191de5127c219d912a11db1a6fda80fd6793a97e5a9e692 |
| SHA512 | 3b285fa9b2fc63cd8f7b756dfcba56022b67aa4ddf5d40fd4611037af92a31502df43b0c2ffe8f28faf5ae97e69497d540cc4028be1abf42b34cc6433eb307a3 |
C:\Windows\System32\CatRoot2\dberr.txt
| MD5 | 23d62bce3b86787a594dfd80cabe2b78 |
| SHA1 | 8c48fce62c29283121fa61102fd5d05210be8e4a |
| SHA256 | ae283078085b771f1af8062bbba4407a2edc0aa9d4d2fe15ad1b74a625f62d7e |
| SHA512 | 77e75fd48d43608fbcedaef46b13f6bb32293e914f40b9c8774eaa0e74fc63514a30b65f7dcb143283d6da7848396201455f030db3f4420dba3659e002b7980b |
C:\Windows\System32\CatRoot2\dberr.txt
| MD5 | 9c6ea93ee1d9d5b1e3080a537d5ff13d |
| SHA1 | 2632e586231927c707f028935b4abbf39b56c223 |
| SHA256 | afac61d0b34a15fcb711b36cae256aac05acd06b2e3abc45137cbdb247ea3eeb |
| SHA512 | e0a658a8595a13cec4b75c20f065c4b5586db8c575089c8e450f772095c206473b0d823a0f44ebdd4f3f10df14da75a081f511fdea76086a17f3f91b2d86aeb6 |
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
| MD5 | be3cbab296ab1c9fbbe7dc8e97b06e07 |
| SHA1 | 1f6a242ff2039606ac558c56e4237cc9a9fe28fd |
| SHA256 | f640902d85cbeed89f1f2237297b2eba3240cb4431c64131f2253331e0b67f6d |
| SHA512 | 2742b09e99d45201d2f70df76d9d69369eb666194c39b99627c0d8a06da4de19f3bdc5b83fee7e7f84e7a26db123b5463060b748f4b27eeb3a27049a8589e28a |
C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
| MD5 | 166f9409ec301bd79860933cbb8b6708 |
| SHA1 | aa51281832ad1767b8480ae48760d0e8e1088710 |
| SHA256 | 74dbea34d5b2c424281719df754bd1e4a28cc3c03759cc1d38e23b8fc120a7fd |
| SHA512 | 13f9953e5da10c778c39228e1b379e24647cecad07e8621220569e8869f84db4ce9c0f82faeccb0ec1935e9a161e052fc446e6dc83868554b8a9631a9627e356 |
C:\Program Files\Oracle\VirtualBox\x86\VBoxProxyStub-x86.dll
| MD5 | 6d3c7d2e108cbb7b5389f51ff68bcb9a |
| SHA1 | e47006dbd81b0ad005dfe95339bb54ac59b20f47 |
| SHA256 | 53ed3512437fbeb4277c24790ce67db048f81b60c3669765541495ef88056b88 |
| SHA512 | 0b69c294c32beff25e91ccfc5fd3b26ff76e8a92b81b3f69fc0065ae6c8d8a676039303cc5195bff1d71735a1af97f920ed1a9911bcbcd27a7532f7539605fdf |
C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf
| MD5 | 6016637d32182738bfc71e7e86bfa1a3 |
| SHA1 | ee76c95ba76286743ab9d3420c58c41e0f1793eb |
| SHA256 | 68fca318c6f63b1d46f3a75ad62aedf1977d135411d82e850f09a6e6e7e8765d |
| SHA512 | dc1c2584c8f25b527df9aaebba3ff7cb5ea9427825b1af9f72005f6789aa8502bfe2a16ce1c2229d1ee62b3d553b7792ff943807d753fb5dd50f084cc1815ddc |
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netadp6\VBoxNetAdp6.sys
| MD5 | 2ac0caba931fd7736866c3867f8ca6eb |
| SHA1 | 610700909bb66d0842706dbdeb6540bc843a5d89 |
| SHA256 | 4e619bb6370f4bc4be52f43d6c43f3a86e3e2ce7bb04baadff17d3b731f18f3f |
| SHA512 | cfb1dbd3227941e3f04f366ae661ebe3503ef789e70bc0a438569fbbdc2a2bd89e8d3b978db44e5182f81a0b98b01cc5d70690ebc8d0b5b24a00bba48c3eb866 |
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netadp6\VBoxNetAdp6.cat
| MD5 | 75eb3dc02a8ee04f1f3c96bd80e253a2 |
| SHA1 | ace2f9f1eac41cf6bd3dbb2d69530c6f044afefb |
| SHA256 | a27ffe3f719b5f87c694b273af7e5796cf93a495cd195aff25e44e24fecf8e1b |
| SHA512 | 3d451852408ac7045c1558fb97a21a61d99bae207e3e28050109170999fcaf7f091108d3a15596946aed55497611110040726bccb939850744c5b628db369a75 |
C:\Windows\System32\CatRoot2\dberr.txt
| MD5 | 554857266949de2e78667e517cc4302c |
| SHA1 | 720dc748064cc283970600ac2d0220ca5721363d |
| SHA256 | 40f07dd859477de01f7a2d52c625117a5f2b058f97f898623c496ffa343ee6e3 |
| SHA512 | 942655e89470159bf9b01f581650724ed9739d379aa01d22295c6c92d87379736af9980f71732d608b3d57b803e0096dadf685528382b531c4a7cd24b141aa3e |
C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf
| MD5 | 4b79c4041164c4d8b24a4f51f25b026a |
| SHA1 | e877f526967674a90108da7be7cf38744e5969c9 |
| SHA256 | dbcc2c6f3dc2a68eabc698d2d7d94837e9f79711dd13b414299e20c00c016779 |
| SHA512 | 8c7ab281df799538f0dd1a2b353c072cb1cada3b57e6aceba5e7f228cecfe5634e26ff05b927d46a6fe0f9e6cdabb4c266cfc1e1a425f04f0f2be9a179bd4a30 |
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netlwf\VBoxNetLwf.cat
| MD5 | 6d9d62401ebc8d8b48e6724c2e162d2e |
| SHA1 | 7d64d6c2b98e6545382a5c3ec31bc71e2d6b3035 |
| SHA256 | e308cfc6edf3b6e969a115eeb111d0fefe0be93e00856ab1280459dd83a9f93f |
| SHA512 | 46244a02f61d6048630312a0827f0141b8e99501d367a6feeaa5d9ae5c157f98969dc50642ad4d03b5863b196456d8d903241b1077809d280b860bd6aba6bee4 |
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netlwf\VBoxNetLwf.sys
| MD5 | 96a60dbff3c4c7217741e0007d0f4abb |
| SHA1 | 1651f89d9ab8455dd4458f605bee3a4ce429e42c |
| SHA256 | cd3af3b853c27626fcfc85997feead0a48e56d618e2129f62fe1b96a203a44c7 |
| SHA512 | bb7de376b7fbb8e8dcf2a49f9c4e195510ae5895d0f612dd9f80fa56197b55b81cd31151bdcacafc616c7998513cca81192460e09b9a433f9b688d706ebf3d48 |
C:\Windows\System32\CatRoot2\dberr.txt
| MD5 | 6a39605ff751bdd1c9b1ff4e2d4d6091 |
| SHA1 | 3e88818c5bbdeb5b53965921314204c0c8618a46 |
| SHA256 | 2b606c0d7ac4e98f2dbef2e199f122cae1502d389751b92ba1403f574552a2d8 |
| SHA512 | 310a519749ed75b071555b19b9045337cb1d6d1bbf78ac8081e99b239b488b19c0825a80f5cd075fe6e09a8fcbc80ae9669f63dcbae0ffa302952edebd30689a |
C:\Config.Msi\e587e44.rbs
| MD5 | 558082b04d998d9299038460da2b4783 |
| SHA1 | f4c5d044b7149a3cc755d92c9b9a7292aac9975e |
| SHA256 | 41c9fc79aca989c7dc9465e3778c64123af649d46c202ff9384097218297affc |
| SHA512 | cac0247ce01e8a1fc62cf0fbab42a0d84e2faeec682c1271281d79e38f19a50744a50d54ec6c155c3353efaf6dee3188dfef1561d3b6d341b8d0f8b00a06aa75 |
memory/3960-537-0x00007FF705070000-0x00007FF7052F4000-memory.dmp
memory/3960-538-0x00007FFE02670000-0x00007FFE02BB1000-memory.dmp
memory/3960-536-0x00007FFE03F10000-0x00007FFE05AEE000-memory.dmp
C:\Users\Admin\.VirtualBox\VirtualBox.xml
| MD5 | d9d28bd2ef7192fb0efb99607d7a0807 |
| SHA1 | 7fb6f32f1c0f227118613dd7779e1bf0a6e2ce4a |
| SHA256 | dad710b076d96b3de34a58363a3241935bfe205b7240ce57f9d85bf2058e6dd5 |
| SHA512 | e058987d5fd8ea6cd3c3081c7ac45ce1e3719c4a38b46390133b19539fad35a0d8ad699023a3d934d18e3356cb6def62bd197b5a32ad496b620469c55d9efb13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 3c8cba0053ff235c039ab5e4c8308abe |
| SHA1 | dd80bdb2e849b176774ca99d774a2a2ecd90c0a0 |
| SHA256 | ae541c545ec04a770e1a88d5da5f322aaa25ede7fa377297c735dfed0efde9c3 |
| SHA512 | a2535625ba2862803b79e53987396b2fb34ef6386a4754c6e7df579ce067778a07611ccda678acf353e945e9e1d4e8ea7ea283dbe7dd6fd0537dd7c54c17631c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1d12371cdb0cb11cc00743860a0920bb |
| SHA1 | 871fc38b67be4bd17b8e3b668db89177cdab988d |
| SHA256 | 1144c2675d9a7669741a926981007ea070e7ae5c0782b1bece9ca88a0c6a9bd3 |
| SHA512 | 32b6409cc1e90d6f816be8c9232703d4678c4ea273e8ec2f51f450f1524f545272ea7a4c0fb874b75116d29187a8806ee4e0fc2fbae9c1d5eaba7e476ac980ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 218d00c92aab6b65e0a4184a28c4e9e4 |
| SHA1 | a8b815e82be2c2ec1165dea97b79de1b9c3cd2ec |
| SHA256 | 26261800d2e26d1a53400ad99f3e6d3dc6c467e711d9f79b711addbdd1fb06bd |
| SHA512 | 81875ecfd964f1ab22ca1a10cabd6d8d4749ba551e92a0e145d9c9d1a3f31e9e4b38c3d44ca5bcfd8867f7e5d99ce04c24138fb8466313c5c29ec824eefbd3ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 140ea50e882ae66517458a39961c5b0e |
| SHA1 | a63743406a70f2c8421f7ba1666ba0d39fb4650f |
| SHA256 | 7cd3f848e2e02f930289e1cce6329125c1697390843223575a396028deeceaf3 |
| SHA512 | 112afc95f4bafedbe12359cf213ef45ed5cf1575837007349142d393cc8bfd9043d8526e2a1895159b682879cf4a99a1c93845f9c5d73c6da66b01d754b3a9e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 051a939f60dced99602add88b5b71f58 |
| SHA1 | a71acd61be911ff6ff7e5a9e5965597c8c7c0765 |
| SHA256 | 2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10 |
| SHA512 | a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 003b92b33b2eb97e6c1a0929121829b8 |
| SHA1 | 6f18e96c7a2e07fb5a80acb3c9916748fd48827a |
| SHA256 | 8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54 |
| SHA512 | 18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c9bd770bfbcf528a686bc411284938d6 |
| SHA1 | 60bd0f70d79eff69d0329898d5b7e730ffc4e5f3 |
| SHA256 | 58c662db1d42456664e5f663b15edcd0e65ba1b476dfa09e6cc5d0f32c502b16 |
| SHA512 | aaee8aa62b2fc43540e8f5b6ed09b88ff919f04a00f691667d95442d4aa3486ecc6b9a24066e55f48b77730366bbe204b5b204c8656a3ee0e1dffc4c650e7606 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0f50eeee5f3a1d496aa9769ce6ded8c6 |
| SHA1 | 56d4f9c00f562c9af8008b4c40da022e32c9ed94 |
| SHA256 | ec0f0ca89292ff9484ed52a026188ed007fc193191a70bf14760f6dd6a69a67f |
| SHA512 | 3e60720f6508ff675c7896451c6a42b0f571cc10cd7645e086705c1383381a8daf5f9d49bed113a092129547cf72f325beb5ddebfdfe97e16dde10db46a11a58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9af90da7013201d599c6c6612615d09a |
| SHA1 | a5e962bad74fef33386a2945f4dbe2b3a847d370 |
| SHA256 | 6b4750fdbe8138eced72a090b4f3d0f74948f67af4c666f110ac31ce04526f66 |
| SHA512 | 8a42059b913ded7fbf0a57cddaff11e311ddac24c5af1bd4836fa79a141347acf759dd1b840f0721bfd0eb0a89cb50df00c2fba50c291a0d21040f4bb96ce322 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 936022b8bd01bc098243a16a99c61ad4 |
| SHA1 | d7f15af252f4c17f80cbcfc3e4a6f7ff970eb80c |
| SHA256 | ac1683f2c45e5d015b672e2f3e23944296df5aa697a7b6ef179b3a4f17374354 |
| SHA512 | 3cc2a2254597aab626c2f2a514e172f7af57305abaf7742d83b457b651b8b01fc1bb16c554ab9e887715f507e8491eb941f2c0898d840a7be17287e9c59765f4 |
memory/4768-801-0x00007FF705070000-0x00007FF7052F4000-memory.dmp
memory/4768-800-0x00007FFE02670000-0x00007FFE02BB1000-memory.dmp
memory/4768-804-0x00007FF705070000-0x00007FF7052F4000-memory.dmp
memory/4768-802-0x00007FFE03F10000-0x00007FFE05AEE000-memory.dmp
memory/4768-803-0x00007FFE03F10000-0x00007FFE05AEE000-memory.dmp
C:\Users\Admin\.VirtualBox\VirtualBox.xml
| MD5 | f49765ce9db54f84034476fbde592f04 |
| SHA1 | c4f475657f1ebaa961d2a61062105910c0af9548 |
| SHA256 | 90a42824376c73cba04c10986ef5e97ea8fde9e866893ec94c71f6970a5b49c8 |
| SHA512 | 3ad48d6defe012e9838e279c56ef631cfe52410eb07915418b99e759ecb76f79784e46ac31ee728ac9b4e0a842d466a155ccca8f41ab9fe8ee3d46c956c0a631 |