Analysis Overview
SHA256: 4719b38e7a276b43099ce4d6349e6bfc80edf644ee59d9dafd264bc7ed7691f4
Threat Level: Likely malicious
The file VirtualBox-7.0.14-161095-Win.exe was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Enumerates connected drives
Event Triggered Execution: Component Object Model Hijacking
Drops file in System32 directory
Drops file in Windows directory
Executes dropped EXE
Drops file in Program Files directory
Loads dropped DLL
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks SCSI registry key(s)
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-14 13:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-14 13:17
Reported: 2024-11-14 13:48
Platform: win11-20241007-en
Max time kernel: 974s
Max time network: 1161s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\DRIVERS\SET2FF6.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET3576.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetLwf.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET1CF9.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxSup.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET1DE4.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET1DE4.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET1CF9.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET2FF6.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET3576.tmp | C:\Windows\System32\MsiExec.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{56785e0f-7136-0f45-946b-d9d04bc7959d}\VBoxNetAdp6.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{56785e0f-7136-0f45-946b-d9d04bc7959d}\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\SET33FE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.cat | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4d11bc75-6df8-404a-b79e-e95b77faf23f}\VBoxUSB.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\SET33FD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{56785e0f-7136-0f45-946b-d9d04bc7959d}\SET2E8F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\VBoxNetLwf.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_10acfa4b924dd181\netnb.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\SET33FE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_0525128a3d54207e\netnwifi.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\vboxnetlwf.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4d11bc75-6df8-404a-b79e-e95b77faf23f}\SET1E8F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4d11bc75-6df8-404a-b79e-e95b77faf23f}\VBoxUSB.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{56785e0f-7136-0f45-946b-d9d04bc7959d}\SET2E6E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_ee187df79249cd72\VBoxNetAdp6.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_3debe5e78bab1bca\netbrdg.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_5018924056E84EABA285BB0DE5B18677DC64C518\VBoxSup.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.cat | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4d11bc75-6df8-404a-b79e-e95b77faf23f}\SET1EA1.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{56785e0f-7136-0f45-946b-d9d04bc7959d}\VBoxNetAdp6.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{56785e0f-7136-0f45-946b-d9d04bc7959d}\SET2E6E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\VBoxNetLwf.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_72f156a5ee3f59e8\netrass.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4d11bc75-6df8-404a-b79e-e95b77faf23f}\SET1EA0.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{56785e0f-7136-0f45-946b-d9d04bc7959d}\SET2E8F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\VBoxNetLwf.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\VBoxNetLwf.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4d11bc75-6df8-404a-b79e-e95b77faf23f}\SET1EA0.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4d11bc75-6df8-404a-b79e-e95b77faf23f} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{56785e0f-7136-0f45-946b-d9d04bc7959d} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_882899f2b1006416\netvwififlt.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{56785e0f-7136-0f45-946b-d9d04bc7959d}\SET2E8E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\SET33FC.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\VBoxNetLwf.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4d11bc75-6df8-404a-b79e-e95b77faf23f}\SET1EA1.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_d34968d7b3e6da21\ndiscap.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4d11bc75-6df8-404a-b79e-e95b77faf23f}\SET1E8F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4d11bc75-6df8-404a-b79e-e95b77faf23f}\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_ee187df79249cd72\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\SET33FD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_56c163d21e8c2b62\netserv.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_ee187df79249cd72\VBoxNetAdp6.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\SET33FC.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_c5e1a8904c87a072\VBoxNetLwf.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_bc519c177a90877a\c_netservice.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_8074ac14f1ab2957\netpacer.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{56785e0f-7136-0f45-946b-d9d04bc7959d}\SET2E8E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDDR0.r0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_eu.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_bg.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\x86\VBoxClient-x86.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxAuthSimple.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDD.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxRes.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_fr.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\doc\UserManual.pdf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\vbox-img.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_ja.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ol8_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\redhat67_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_nl.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\os2_cid_install.cmd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\rhel3_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxWebSrv.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_de.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_lt.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\win_nt5_unattended.sif | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\platforms\qoffscreen.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ca.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_sl.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_sk.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\win_nt6_unattended.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_zh_CN.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\redhat_postinstall.sh | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapi\__init__.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxRT.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\x86\VBoxRT-x86.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_it.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_zh_TW.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_el.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_eu.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_fa.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VirtualBox_70px.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapi\VirtualBox_constants.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\lgw_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\sqldrivers\qsqlite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxHostChannel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VirtualBox.VisualElementsManifest.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_el.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxAuth.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ko.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_da.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UICommon.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDbg.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\win_postinstall.cmd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_preseed.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI33BB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFCD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF32654A45691798B7.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI16D7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem0.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF4D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{8DDF4B7A-DE1A-4619-B426-959B44E40A87} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1697.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem1.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\INF\oem2.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI361E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF1C48159197E39CC5.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1379.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2D8F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFBC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI12DC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e580c51.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\INF\oem3.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e580c4f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1089.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1E1D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1D9F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\e580c4f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFA84970DEBA87C531.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI339B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3719.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFCB1941C8C9DD78B5.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFBB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1C85.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem5.PNF | C:\Windows\System32\MsiExec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe | N/A |
Loads dropped DLL
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AD47AD09-787B-44AB-B343-A082A3F2DFB1}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B0A0904D-2F05-4D28-855F-488F96BAD2B2}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDCA7247-BF98-47FB-AB2F-B5177533F493}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{D0D93830-70A2-487E-895E-D3FC9679F7B3} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox\ = "VirtualBox Class" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D782DBA7-CD4F-4ACE-951A-58321C23E258}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\AppID = "{819B4D85-9CEE-493C-B6FC-64FFE759B3C9}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24EEF068-C380-4510-BC7C-19314A7352F1}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{966303D0-36A8-4180-8971-18650B0D1055}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EE37AFB5-7002-4786-A5C4-A9C29E1CCE75}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{181DFB55-394D-44D3-9EDB-AF2C4472C40A}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{243829CB-15B7-42A4-8664-7AA4E34993DA}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4B301A9-5F86-4D65-AD1B-87CA284FB1C8}\ = "IMediumIO" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0bb3b78c-1807-4249-5ba5-ea42d66af0bf} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{755E6BDF-1640-41F9-BD74-3EF5FD653250}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1F99D9DC-C144-4C28-9F88-E6F488DB5441}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{4DA2DEC7-71B2-4817-9A64-4ED12C17388E} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5BBDB7D-8CE7-469F-A4C2-6476F581FF72}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C48F3401-4A9E-43F4-B7A7-54BD285E22F4}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\progId_VirtualBox.Shell.ovf | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{11BE93C7-A862-4DC9-8C89-BF4BA74A886A}\NumMethods\ = "18" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{6DDEF35E-4737-457B-99FC-BC52C851A44F}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C1BCC6D5-7966-481D-AB0B-D0ED73E28135} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{D78374E9-486E-472F-481B-969746AF2480}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22363CFC-07DA-41EC-AC4A-3DD99DB35594}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{3DB2AB1A-6CF7-42F1-8BF5-E1C0553E0B30}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2F7FAE4-4A06-81FC-A916-78B2DA1FA0E5}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ABEF51AE-1493-49F4-AA03-EFAF106BF086}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7569351-1750-46F0-936E-BD127D5BC264}\1.3\FLAGS | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C39EF4D6-7532-45E8-96DA-EB5986AE76E4}\NumMethods\ = "30" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1\ = "VirtualBox Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{9B6E1AEE-35F3-4F4D-B5BB-ED0ECEFD8538}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{c8adb7b0-057d-4391-b928-f14b06b710c5} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5BBDB7D-8CE7-469F-A4C2-6476F581FF72}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{2A88033D-82DB-4AC2-97B5-E786C839420E} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35CF4B3F-4453-4F3E-C9B8-5686939C80B6}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{89A63ACE-0C65-11EA-AD23-0FF257C71A7F}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxSDS.1\CLSID\ = "{74AB5FFE-8726-4435-AA7E-876D705BCBA5}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{081FC833-C6FA-430E-6020-6A505D086387}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2405F0E5-6588-40A3-9B0A-68C05BA52C4B}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A85BBA40-1B93-47BB-B125-DEC708C30FC0}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD6A1080-E1B7-4339-A549-F0878115596E}\TypeLib | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F302674-C927-11E7-B788-33C248E71FC7}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DFE56449-6989-4002-80CF-3607F377D40C}\TypeLib | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41304F1B-7E72-4F34-B8F6-682785620C57}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{DEDFB5D9-4C1B-EDF7-FDF3-C1BE6827DC28}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0B3CDEB2-808E-11E9-B773-133D9330F849}\ = "IGuestMonitorInfoChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{537707F7-EBF9-4D5C-7AEA-877BFC4256BA}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91F33D6F-E621-4F70-A77E-15F0E3C714D5}\NumMethods\ = "11" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA204A12-5B29-45A5-B5D6-C2BAFCDB9B0B}\NumMethods\ = "32" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB6F0F2C-8384-11E9-921D-8B984E28A686}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1E775EA3-9070-4F9C-B0D5-53054496DBE0}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01510F40-C196-4D26-B8DB-4C8C389F1F82}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{67099191-32E7-4F6C-85EE-422304C71B90}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{ABEF51AE-1493-49F4-AA03-EFAF106BF086}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{45587218-4289-EF4E-8E6A-E5B07816B631}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{DD6A1080-E1B7-4339-A549-F0878115596E}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0B3CDEB2-808E-11E9-B773-133D9330F849}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1" | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3BA329DC-659C-488B-835C-4ECA7AE71C6C}\ = "ISerialPortChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6F302674-C927-11E7-B788-33C248E71FC7}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCF47A1D-ED70-4DB8-9A4B-2646BD166905}\ = "INetworkAdapter" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{966303D0-36A8-4180-8971-18650B0D1055}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe
"C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.0.14-161095-Win.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding B1FDB6CCD90C0D44697F6369F68EF485 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding B988E20330C32C5455F4C2D97A6E69C4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 00975A80DE2F2B495BDB9634AB854D64
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding FA1FBEF4189861FCD6528CF5FCF6E207 E Global\MSI0000
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "48f6bcb47" "0000000000000150" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1AE88AD96718CA640D02DF88EB8ABDDF M Global\MSI0000
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000170" "WinSta0\Default" "000000000000016C" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "000000000000016C" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"
Network
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.132.130:443 | h.online-metrix.net | tcp |
| US | 192.225.158.1:443 | h64.online-metrix.net | tcp |
| NL | 91.235.132.130:443 | h.online-metrix.net | tcp |
| NL | 91.235.134.131:443 | y6jn8c31m3qkaoff7cjad33a64q5nhvyu2kvi4ykce4f85fc771628c5am1.e.aa.online-metrix.net | tcp |
| US | 192.225.158.1:443 | h64.online-metrix.net | tcp |
| NL | 91.235.134.131:443 | y6jn8c31m3qkaoff7cjad33a64q5nhvyu2kvi4ykce4f85fc771628c5am1.e.aa.online-metrix.net | tcp |
| NL | 91.235.132.129:3478 | eu-aa.online-metrix.net | tcp |
| NL | 91.235.132.129:3478 | eu-aa.online-metrix.net | udp |
| NL | 91.235.132.129:3478 | eu-aa.online-metrix.net | udp |
| NL | 91.235.132.129:3478 | eu-aa.online-metrix.net | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| GB | 23.73.138.57:443 | r.bing.com | tcp |
| GB | 23.73.138.57:443 | r.bing.com | tcp |
| SE | 192.229.221.95:80 | csc3-2010-crl.verisign.com | tcp |
| GB | 23.73.138.88:443 | r.bing.com | tcp |
| GB | 23.73.138.88:443 | r.bing.com | tcp |
| GB | 23.73.138.88:443 | r.bing.com | tcp |
| GB | 23.73.138.88:443 | r.bing.com | tcp |
| GB | 23.73.138.88:443 | r.bing.com | tcp |
| GB | 23.73.138.88:443 | r.bing.com | tcp |
| GB | 23.73.138.57:443 | r.bing.com | tcp |
| GB | 23.73.138.57:443 | r.bing.com | tcp |
| US | 20.44.10.122:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 23.73.138.82:443 | r.bing.com | tcp |
| GB | 23.73.138.82:443 | r.bing.com | tcp |
| GB | 23.73.138.10:443 | r.bing.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| NL | 91.235.133.182:443 | vlscppe.microsoft.com | tcp |
| GB | 23.73.138.82:443 | r.bing.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\MSIAB53.tmp
\??\Volume{fc95478e-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{a6a56c4b-5654-4d4a-986e-6694a5bafe80}_OnDiskSnapshotProp
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
C:\Windows\Installer\MSIFCD.tmp
C:\Windows\Installer\MSI1379.tmp
C:\Windows\Installer\MSI1C85.tmp
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.inf
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.cat
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.sys
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.cat
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.sys
C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.cat
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.sys
C:\Windows\System32\CatRoot2\dberr.txt
C:\Windows\System32\CatRoot2\dberr.txt
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
C:\Program Files\Oracle\VirtualBox\x86\VBoxProxyStub-x86.dll
C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netadp6\VBoxNetAdp6.sys
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netadp6\VBoxNetAdp6.cat
C:\Windows\System32\catroot2\dberr.txt
C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf
C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\VBoxNetLwf.cat
C:\Windows\System32\DriverStore\Temp\{30742a68-90f5-1c42-a910-ea7567da2359}\VBoxNetLwf.sys
C:\Config.Msi\e580c50.rbs
memory/2712-543-0x00007FF7DD180000-0x00007FF7DD404000-memory.dmp
memory/2712-544-0x00007FFFB0A90000-0x00007FFFB0FD1000-memory.dmp
memory/2712-545-0x00007FFFB2330000-0x00007FFFB3F0E000-memory.dmp
C:\Users\Admin\.VirtualBox\VirtualBox.xml
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Temp\scoped_dir5816_834410984\91e2c5ff-cc4a-48e3-a749-e1308c74ac52.tmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir5816_834410984\CRX_INSTALL\_locales\en_CA\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b9243d4-df0c-4bb5-957e-a33e8732f720.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59484a.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c153877f6502d60dd22ac6876fd82281 |
| SHA1 | 0a9f011a3561ac7cf573f7562fd7bc699ca1d23e |
| SHA256 | 006630f5eaeb47d2a34ac813ed68e406052fb9e001cddd988c11de6f0d453a8e |
| SHA512 | ab7570d515f1112dcdc18c2f3e3112d322041224ef767d0c42aa6fab591a01a7a4039a5ba3d45ba7a421c01f4017d8cf65378f1f67f850a14433b4078e3c92d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5034c6cb04ce17fa326de4c2a3aef13e |
| SHA1 | 6164b0c3534976a6d13ee33af15acd8cb778fa83 |
| SHA256 | dded06ba357d6224fc402db5ae9dc8211d4704c24765ca1ecbe4a89f247c51ea |
| SHA512 | ebc31f34cea26c2a8cdaa04ad40a249fddec32f6d49be520b452d069e0db4073d3705dfb467670a0f9a839aad46ac1b23eed832e503ac6bb80f1d68a6ae225af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cfc563460ec4d4c04ad7dd2ba3d49825 |
| SHA1 | 06dcf8f9313a11eb611b628d0630fbd7b9c0ab1e |
| SHA256 | 7bfec326ee17703d24b3f69097c6bc92b34a54b2a723c781b1a4bd697a5064d1 |
| SHA512 | 55d3db08d55c195f269717b172b90889d281a8acdb7676436863d594942b50c314f4603a2673d5d50ff00539a1f511ceb82fbe8def15681a3db9e97f4e5e007c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 035274c28005d0b15b2b9ad48ea99eda |
| SHA1 | 3296b8ce0f7e62b4cb49c576e3a1f6ae197a09bc |
| SHA256 | b62d0bde4050307473d1a75cb589120e21f33dad5b0ea827aa88eae6e47b85a6 |
| SHA512 | cc48573396f0a0660f4f65d6cd14a6a3b0943aa201d018857d15c7e574bdd00ad8d4116a2f5af9986b22ed7bf1bc5723caae59219e38a34acec5049e33da6651 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 30e8a7a614634a2f4b63c9c1054b9a18 |
| SHA1 | 17c2e15e66c91848bfc5d3b3f2e2d19f8ee768cc |
| SHA256 | 9953eb3793a9f40a392025f460c980312b0bb941f72bcdf17879cb361b9c148a |
| SHA512 | 0b1768c31473dc3bc875cddfe6ed92ecc4231b2840911bdd32b33d90a1009b7becf2674f59a1cdb20e7260a2a9eb7cf4224a4ba0b81be6ae415d0a2ea8dc5dce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5a5125dfab7ab49784c6d051ade3ff82 |
| SHA1 | 81150fe9caa473eafd20239ad19c557ba6194c07 |
| SHA256 | 1530c4eef154a246aa4b67ecb6f35577aebd2b62dcdafd0e0bcd98820def7fb6 |
| SHA512 | 37b4bf5f4055319d8dbc5f7af442649b7b278eeecdb74bf578c91304143b5666e28f998dd79084e2507cac58636217b8976c1122748576c2b0d729d8bf7baf11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c4067b4c306571bf49d8ee4b040b5c23 |
| SHA1 | 721863d9e37d52dbaa945f9e7d4d1c47c18d944b |
| SHA256 | 9b4ecdea3f6052a7ad0e22250288b2ba559412bb08951adb84fd58bfed1641f7 |
| SHA512 | c97a99f2cc2a17c501d92d899f7c4274edfc2fd99b9fcc23a24be6f3bfd1676a26b54cf1894422c223391a8bb373d856b6128ff754d33a1dc8e81e21916b245a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | b5de09144e0a01a8e89679ed9d3aa54d |
| SHA1 | 8045374d3fe0384fa2f5d26c07f09cca29e38170 |
| SHA256 | 1c173b92f17cc2689f76e560276ee9ae25ede63b01b643538a4c671d941a750a |
| SHA512 | 376b15ba7d882ba6d26c6533aef7f2e86ef8ab7051b4851b2dba95b7de5c8df1c94818e0e0e0e9beb1c47906fecc28870ce9cc1b62b5f7c92c9d85837b60d87c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 9196e81f8ed7f223d765423c1f9bc8a7 |
| SHA1 | 88f9d5c2a6908cf36b8daae803578ca9e1fd2929 |
| SHA256 | a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe |
| SHA512 | e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 00cb15dd0b5a99d219dea7a7e1f58499 |
| SHA1 | 1e4895afacff1939289e3a70ced6636fbf902542 |
| SHA256 | a919b203fc48d2bd0b12c4bc594e801d522ae335470f3c172086fca1c0f05c3f |
| SHA512 | 63451e3dd9784319af9ffefda5ffc1c671cdc174f5ef07ece2c85ba2416af1d6226418b142dfaa87b38aa7b298957c0fa9b3d2cb30cc2ad3b7d82b9fb264de9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | b786554392ab690a37b2fc6c5af02b05 |
| SHA1 | e7347fa27240868174f080d1c5ab177feca6bd84 |
| SHA256 | ebe47cc89c62447316148809bda9095bd07bd5392a99ab4b8ac8b9f6764cda51 |
| SHA512 | b71cdb76464a775fca909cabd0a7435c34de3ee4e19c40f5bebba6415295f0be2f82532a2ecda043c787ea4e8c23fd4e582a4d4322923fdf603a56e3fcb8b567 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | feffb155e7938927bd782834ea399252 |
| SHA1 | b0f1dd6f1c67f41368ff2917f4e0eee9ea98bb35 |
| SHA256 | f5040030c35db75ec42f437ab68b3db826c202cf2d6df7b8621567d1de400179 |
| SHA512 | 827b0a8ff4d6746eb759ecc08519f33ede8709e28a1412d925e99f83bd212f2c4307dd632093fe3192c36cc5f6eb91837b11f385295391b8a242e41a7b2dd45e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | affc2b93a9fc23bbba65931b19b1e12c |
| SHA1 | a175097d2aa7ffb4b54193f197f296ab57967308 |
| SHA256 | 1c383d5958a56ed0858150b049c83da4d4b31a4ac05314ae9a4f623933a3df25 |
| SHA512 | ebcec84bed7e03d99f02ba97e8a6bcfe157b2b1a78399f1493f8ae5476f7550b23fe6b1023d7c19b89d56d2ab8ae51df4284d0f8ab001d86acca019f30e97215 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | bdb44d498ebff196c9b89546565791d4 |
| SHA1 | b8db08f303efd46d0bb94289d2ae4e0f97dee07c |
| SHA256 | a545f8661b6d68eba2f819a1a7a9a1d97751e44ad77f3701abba11ba08be43de |
| SHA512 | 3b67d824b74aed0785cf0ace91b20807258c38c309cb915a67707117df166dc136ea40a69535cfdb38bcc91312f66d714a2ce7cc4615aaccc6ed210db2b2ee02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.microsoft.com_0.indexeddb.leveldb\LOG.old~RFe5a8c63.TMP
| MD5 | 39d372dea88f4dc1f1a1bec29fe73774 |
| SHA1 | 5e3f5ea2dd7346b65fd5bf9c488a20ab6e294340 |
| SHA256 | 5f9f5e6b5d9bd0db5d7d69d9ea2451e2a42cef5e10cc1cbbba5bc53103070a01 |
| SHA512 | b15845b8b9ccebf0ec2ed6477c7ad17397f468bef2eb61787796dc932a92b492bc1702daccde32e5b4e6f73b3483b94569b8c4a14233a577e697c59f3c315d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.microsoft.com_0.indexeddb.leveldb\LOG.old
| MD5 | f0922f5c5491e962621054ee0feb54eb |
| SHA1 | 6246b5ffb148fcf9185d16d458ba85665edec117 |
| SHA256 | 53fad8321bdf2d37d8bcf53357d8cd5a11308fa5988353619a386c0bb6a1e05b |
| SHA512 | 9c440477203bbfcde5c4c7e936f604102dcf54a6a496a9215f64a71a3d15b6dc40a355ed844a6938dc6fa53a165bb768fa145ee3026f568fb6bb77adec12dcda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_vlscppe.microsoft.com_0.indexeddb.leveldb\LOG.old
| MD5 | f6ce4a578402f804c9576d49392d1a71 |
| SHA1 | d5c189fddf8941d0d21869778f8fc6fdf762145a |
| SHA256 | 1efa00c5432931d31b675efca65f4559974754579720099f8c920d2e5d194243 |
| SHA512 | 8f075d5b2118caa216a00c1ab4829f47096bee2728a40a4779a55ab7da7d69d5ada644d85b9bd1d0e1b8a5f94d8184d6781d0a3eef1ecb0a69a65ce439beab47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_vlscppe.microsoft.com_0.indexeddb.leveldb\LOG.old~RFe5a8d2e.TMP
| MD5 | 78e15ac132f1fcad81dc552207da3660 |
| SHA1 | 3a98289384bedcd8642e6b102aa958d151c1a4fd |
| SHA256 | d98e2c53c24c053574e4ca136703c69d9db38d44e5722310143aa07a565be086 |
| SHA512 | ef5e3d04351281fe97ff19f60e2d09ab08d84c6487d16b2334f4f4d83a75d20fb03abf95ca7b561bc9d855bf1992bf16c0755bad52ec71fbaf745ec9aa258163 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2bd2ceb1ba094c6f52fb02b749d664f6 |
| SHA1 | 6f4389267f0db1f3507300c45268adb554f3b6e6 |
| SHA256 | 1e5a193a0b2718a4fdab9d86bbf237ef3180fc0c42db9393e0eb6900bec92b11 |
| SHA512 | a7fb0635a56e1c0fbeaa1d5e9a1804500c9ff599e2ac6ae1d4bb03d565c4f1ab5e3053b55d61bb8245b9d1d03f5fc99d901f34bf920eb4ecf6c52c9b38684fa8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 662aee1b18192b48ed4c173722562826 |
| SHA1 | b59a1d3dc6bf79685d462f8e2b17baed148b5719 |
| SHA256 | e6149dd51cd4739920743699b35b63e4cf9e051d0c55168589f2aacca74fc893 |
| SHA512 | e477c6bd892662dd06926d2a60e482729f7d2489a6a3c84d37b8edb8dd595b1ded6fbf16504cd3efae7ab51f97ec87e4c32b35e1d0be9a881128cac51ae08091 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 71ada2e7d72785250bc7251a3f0e2b68 |
| SHA1 | 803627a9c67c39a792497786ebaf2dee01b8e8a7 |
| SHA256 | 27d55c88d34d9c2fc633e036884e8b6f63541c833ca86feec99add837390489f |
| SHA512 | 357cd65e8be0f5f29af996694a301523f5d4cb24f508bc1afd31e819c64bef90ff1c6a3f68483c54bb1b79602113c451f9537aae4924702e874819af31bec321 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 91db2d5d5ddec5eb77f64e20f3cd3a86 |
| SHA1 | 5f54549ed277d9f0bccce3d7c2c43467e8837bfd |
| SHA256 | 5711cb7e410990354f6540b746780ce2a4232a5271956f066271bf6ed54aa45a |
| SHA512 | 70379b982cecf284749baa1820d8f5ce235e408c2a8f0b796b2e1fc35dbfca1adbaeb40c0fc0f309b7376af7156f1d961b718db846656eaf41624cf2ee1a371c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 40b6d90ebc9c27faadd86ee393fa5632 |
| SHA1 | 45934f6386a65b99b191252c0303d79365271922 |
| SHA256 | f396255b37f84f31ba0c554a6e26ff61ffc289f1aec164dbf0cae81b45997cf3 |
| SHA512 | 9d827668c747418f3a81c9be9d47def27ca8d977add54c7dff65fd1fa3aab306eb5474644760f3e2d2c8d0cdaafa04f73e56acc536368a971f0519d7e023d8b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.microsoft.com_0.indexeddb.leveldb\LOG.old
| MD5 | f89ec511a1f6c259c196fdc96be46317 |
| SHA1 | 48734f8099dc4a3c6bdabe0d598c919815c35592 |
| SHA256 | 2bfc96470db7d1b39ea6317f23b205139e8ebe487efff58075f9154666a3b75b |
| SHA512 | 035050ec1c4708ab727bf0cdfb6b80c093f2ea15dd48faeee3466a65939c8bfe36ecd186879fb7a80db58df334798faf05e087af52c0028f24be9805f858a54c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_vlscppe.microsoft.com_0.indexeddb.leveldb\LOG.old
| MD5 | cfbb572b05590f419e7d72914ab52586 |
| SHA1 | 891adf4b826e64373a7aa19c5d8f8b6bd3e7e0ca |
| SHA256 | 62687597d75f4253dcfba1c3ae8ff3b756805916187be2b20d286ccc41ddd1fd |
| SHA512 | c583a348b3784c12dfbf2550660e913d2c72d13ea97d8e9804aad5213809af6fd33520a4e60fb5df38e2c7a464f24a7f22404bac20e671571839d972163afa52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 09127a33b990c94fab5d273c3e123d6f |
| SHA1 | efe6d0553de4352abf63208fe432e963edeabfd8 |
| SHA256 | 80c1a59257e2cc776dc3674b18a1088b63ddd399bcdd6a49f93e6d49a8f88486 |
| SHA512 | 000a65bda374eba49439796c750aaf1518cfd11b08bccea32a9011113cf4f30796ba4e8c5fa2cda965015ec0747140b7cd37f4a71e9290efb0e2886c962a18db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6b4539e1c34df6f942ca492b0d697903 |
| SHA1 | b881488f16199c77d146e95d77ca5eca4239783d |
| SHA256 | db665f398a752c125299659397fc42c63119258f462481a0f35be9d0324f9045 |
| SHA512 | 0644f6699f6461ad88af955ce1699646f86c6ee5f0fe6a364840291841cabd8bfa72c8475d2f1be991ff2ca414f282b5be584e37b9947d602cb17d827ae60787 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.microsoft.com_0.indexeddb.leveldb\000010.log
| MD5 | efc901fb0facdca4b7b4983a3c4f3b22 |
| SHA1 | 68ca1837e06186fb1c56f935acba481a0927c05e |
| SHA256 | c9d82f431c31d1a5b967f620116c533d9b1fbd70ca2ed2db0287a49b88682851 |
| SHA512 | 7f814fb483ffa80f4d9ebd7d6ae7821f9319c31b64af8182f925c72f45af732da9209da5b22eca7a6465e0d60e03b41e29730609379fc57f82e1065a47bd4e84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.microsoft.com_0.indexeddb.leveldb\000005.ldb
| MD5 | 0b3412d6ad4aea57312645d4dd90766a |
| SHA1 | 0a64a1ee49c1c7dca7dda4dde9ff479f2b75cc7a |
| SHA256 | 27f62ab0dd50f851c218e0a3d53505db38cb01af75b52cbd2b69c93769615482 |
| SHA512 | 088f5afbea70bb0e26428c4afc777b403c8465ea88cf56166c4e15f23847d7e2a912af344905e22bb9d25d322a2c52a0b03837f26ea251090c979a5890e46017 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_vlscppe.microsoft.com_0.indexeddb.leveldb\000005.ldb
| MD5 | 3ee7b8535233e2fbd970c75a6514cf9f |
| SHA1 | 094d28f9fdc30b21c73f3de0ac2dbe580eb019f9 |
| SHA256 | cb1974e4b2cbe464f4c6149eba90c3764286ef7b90473fc2bfdb27537f522733 |
| SHA512 | d8de5dbd5ac1d6394118ca4f2b9a13e9666a6937b07a79b73039b1a631578a83a6c4447f81bb8818410c3c01cd224d08a87605df920b8d3888667e8631241807 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c1a0d7263c4b8890b4115544ef15d18 |
| SHA1 | 51a762f21cf0b6c19f76abda298f0911158c0b6a |
| SHA256 | e646968c8d086f55443c2c7db3b45263825cfdab1706204ec3fbe785fa14b092 |
| SHA512 | 38bad63c9171aac718df40c518d04452a3462317df0ee21ff05616c62986e7d9163269417ac4f38a4ed7a663f96faeecc69cb5e53cb7d050b07cda36ac1de697 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 51b0434d3c0a41934f37967f80ba6713 |
| SHA1 | 826bda78760df472b077169e1590e432bf1ec01d |
| SHA256 | c998339ae59193b066a4d956a18602ca5c313b40ae6b0ee9855a7f941a8d18ad |
| SHA512 | 72639571aee7fbc6880a46935633e0397e64d6e2001878a582aad645f9133e2d8949161f68a5828797d86992d552136f87584dea6854169136ecb283dca34f69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.microsoft.com_0.indexeddb.leveldb\LOG.old
| MD5 | 6d5867106519505d51f294bbbae1adcc |
| SHA1 | 3241f7564a460c3f8f1d1b76a778788c96471fe3 |
| SHA256 | 0605703551088feb02f6af7ea80e4d90fa600b999beb07e264bcee1c9708f7c4 |
| SHA512 | 90a260cda1fe337dd9f189f6b1c150e5503b55b4dda7f6b5a01b6ea298b53293b5950d88a16df0473a30884576a6500704c8eb05f0256bc8e994dadd31d49992 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\270ef58c2403735a_0
| MD5 | 29e504aa880bd633afed55a998e42868 |
| SHA1 | ba36e7c90aafc0f909c2d1e01916e9029c9aeaf8 |
| SHA256 | afb1d60e8a40d89dac74ae818247796be4acf8239d7ae3809da52efc31937147 |
| SHA512 | 360fe392e9cd960d32fd9264deea2225d6ea9c462f176e0239a23c4118aabacec095a52ab4da0bdbd379445c83867ea29b359dc3451a12933e3e0dfbccb8f1ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_vlscppe.microsoft.com_0.indexeddb.leveldb\LOG.old
| MD5 | 3b50617f1b67405aece13f8ac519e32e |
| SHA1 | 4702baece8e54ed0833b9ecc18c173a8bf3332c8 |
| SHA256 | 7adfc2582a6aef638292fa8f50f013f285f46c6d772a5dc1bc16d073a34773b2 |
| SHA512 | fdb464d9bb9a559cad2bc99444109f0e70374e2de1772cbb9218793f92982fb16e0d8d99d8f2285114b28f070add421ffd33a2c87a45e5bdaf6b3c59fba43b1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7e72080a1b16964411d3717025d769d8 |
| SHA1 | 8960464f45003809d34dc79f2d7e7c550dc57584 |
| SHA256 | 094f3c7762e11ce9e112a052724b053d2820cc1607542936368c269d2368f859 |
| SHA512 | 8e79607da481b58748a491d0fb50c1f92b291242b498570cbea43b3d15a8ca67ff349ce4c004e1a1db5ece0be01e5bee48fee1607ef5bc76c2da87c59b3e5357 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\72ecf225-e988-4eb7-9088-6cd8c1a00c64.tmp
| MD5 | ec2f265198673a5b676c0ae4ec80bb82 |
| SHA1 | 20b50b7bdce4ba583a823a151fe4a519f85c815f |
| SHA256 | 65014efc8ab590a23a5d7267de289f72bb1c9c9dbc8bfda7c171bd4e22140da9 |
| SHA512 | 675d1265222686124f4ee3dca651bcf53379c9bb910798205075a8b530c717b749f6f7df4c9e412edde3742d003772ea4144a02d1a0190a61d2bb1d4f474de0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7504b8f9cd7721dc74c4ccf7e0f49964 |
| SHA1 | 71d86658d6ee291d1d3ff4ec62565badcc240e59 |
| SHA256 | aac844eee245f306363b2c4f33533e9b3f89e0abf73d9b3f582a82a447205cbd |
| SHA512 | d1351d2f68d9a332c0eb34aae785adba3ac4c4970b0e156d1224970f5a3a83cca871af025d9c7ae167b8eb0719f2edde7a503090071d3ecdcffa594d8b9200fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | afdceb88977e7f46f1e2086f3924ce7c |
| SHA1 | 8e2373970048fb40db9e0d64dca5537b2cf24c7c |
| SHA256 | eb863aa58caacb8001b2575a060ea47745e989c636a93e4b55fa0a0c5de6d696 |
| SHA512 | 5989629162bf3b1893790785b303ba671453eededaab708b8fce2f4f5de932d4495caeee41ed239f52dc6efecd6b77b1ec8475c633fe994ae7e3938815faa585 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 02908d896e322d81f7ac0e61e8698990 |
| SHA1 | 058e2b2f01c64fc0b53e87d159976a0e2fd0af47 |
| SHA256 | 720359b41f2025f7b3b25d5d554c6ea7994dd3c825e57cff56894e307cc8bc67 |
| SHA512 | 8dce5083351dfbd2eb67f453e4ac9b60c12650f2d91222071784c0a8117d3190c3a8ac0bdd789fa08c030d4d00e37bc8024589422020ed1d1bb9b1309b23b55b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 446865a08e88667e15d502ca4f256ffd |
| SHA1 | e17e19e83552213645decc9512323e7d8922bc27 |
| SHA256 | 7972b4d5e2181a489277dcbcdc3919b5a2135e544e6d933d3244d55f22de2360 |
| SHA512 | 5c43905407d275c9cafe907f8f3be3a709d02497f535bf31fdbe5704e94edc154a1f7890edddc181adaca5b8e4f15095daaba76d8d89c511825e83a38e7a60c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28c2a577a37eb1e409276ca2f68eb9c2 |
| SHA1 | 4e388ff6aed1a058aae1507c522bf038083c018a |
| SHA256 | f7c1a39d0f3c05571d9f19c4c154b469322a1c4f3510d00225c8a406dafa11ba |
| SHA512 | d41d791e10be49e012389737e8674bb87ff6f0b73c4a21cff6ff7f97297f31c859787458364f4794e865c8788129879d5e80e20dfe9ac5eea4fb1cafd5293888 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 165f9db71e1187822428dab960091240 |
| SHA1 | 7e0f2095e6bde77b5b93a10723a1141855b1ed72 |
| SHA256 | 7fea9462ad48962dfdd7d9b4b4130aa3d2a6e12cc99d03132b34511beb043a4d |
| SHA512 | b2a7d8db4860cd292c5097c29dba895fb6484abe0c59779c20ca019f1c7a211bbf2d1cfe3772e275c8695fb910d502542b76d506628b4646e7ad3029975242eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5a90211ba66e0bcbcf8ef0557e6d7ed5 |
| SHA1 | 063530188e30ca8ca8614b248c693b19b414c3d8 |
| SHA256 | 6b8a40b3f1a13ee032308eba9afe3f2d0b5f294baaad83aa7ab2343e5d4544cf |
| SHA512 | 9a22681a06bb8ce2bb1e3a920d9d6369412617f4e4b6c56b34dc7406734e7b4598d0b268dde3dae70bf129bd3eea2da81d8c60a53bed3490745270c06901e70b |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\9d72941e-ad73-48eb-bca7-3ed8f3647d87.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fee553f8365257d818db582d6c95c100 |
| SHA1 | 73ecdddb6806804edbffcba2121e2e85456ad848 |
| SHA256 | 0fb67d145af0a2fda8d888f4dca2ef250bc6ac4a820d35ddfe5ab33743422ca6 |
| SHA512 | 1a202a196b579f4ecd444414f5a1d86d262e9ab24f82ce1f3a6b9e272a32c3faf367cd5dbcca05b216dd5ad7a356dec9a0e52d92f645f589555b6c8a8bd71ef0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5b5b7bcac906bfbb21711b34fb8c44f1 |
| SHA1 | 81c154961ab0c587986258fe23944fe3204f38f9 |
| SHA256 | e360146728e4bcb506aa3d5a3743c3d3f540b86cadec1ca3dbdb7ff30b9ffa30 |
| SHA512 | 7c393997175d6bba0ce13fa358e166ccfb7b0352bc483263900cf3a8b2b73f5ea08035634b85faa55a5f436a8a53df6634416fe3017dd39b900ccb05f2aeb3bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9ae70deae0f38783874118c825feaced |
| SHA1 | 13f8653a695403f27c073478aa6e0940a5a887de |
| SHA256 | bf89613e3ac706834035361c260d789116c35920a04ef6b1aea48437bffc698b |
| SHA512 | 6246065819334b9aeb0e32d98f8e36a3bed3dbe6a2f2fada1253fe6dec2646967916d9dcf0c1123c876bbf06e9c40931e78dc34e0a8103f3e5f288d2dc98a06c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5b743951edbffa1b060ea227f39d5e72 |
| SHA1 | 7795629e7bd6771cbc39d5c38609ccb1a1953c24 |
| SHA256 | 8645085e8574ad40896c320731eb597a3b1ca03ba0d013c89c416db1b5d70fe6 |
| SHA512 | fd56740472d166ea1ccb73f65a44e3a24b5977c315b4c79216c7c4f71bfa9ecaeefe4ad55316285589080b43cfde595d224d603913b961fa28aea3d0aa52b1b1 |