Malware Analysis Report

2025-08-05 18:14

Sample ID 241117-rmlmhs1lds
Target CRIMSON.rar
SHA256 0c966a7beeb63c7bee76689648713ebb8ee7428f71d5f48959dcd45e940fef89
Tags
microsoft defense_evasion discovery evasion persistence phishing trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

0c966a7beeb63c7bee76689648713ebb8ee7428f71d5f48959dcd45e940fef89

Threat Level: Likely malicious

The file CRIMSON.rar was found to be: Likely malicious.

Malicious Activity Summary

microsoft defense_evasion discovery evasion persistence phishing trojan

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Adds Run key to start application

Enumerates connected drives

Detected potential entity reuse from brand MICROSOFT.

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Unsigned PE

Embeds OpenSSL

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy service COM API

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-17 14:18

Signatures

Embeds OpenSSL

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-17 14:18

Reported

2024-11-17 14:30

Platform

win11-20241007-en

Max time kernel

529s

Max time network

530s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\CRIMSON.rar"

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A F:\9ce405a5eb6953b779bc196566\Setup.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{362af3ba-ef6b-483c-9cb9-8033838e8b7d} = "\"C:\\ProgramData\\Package Cache\\{362af3ba-ef6b-483c-9cb9-8033838e8b7d}\\NDP48-DevPack-ENU.exe\" /burn.runonce" C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Detected potential entity reuse from brand MICROSOFT.

phishing microsoft

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\PresentationFramework.Royale.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\xsd.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Microsoft.VisualBasic.Compatibility.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ResGen.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um\gchost.idl C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SecAnnotate.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\ildasm.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\mageui.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.IO.Log.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\UIAutomationProvider.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Drawing.Design.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Security.Cryptography.Primitives.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Activities.DurableInstancing.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\ClickOnce Bootstrapper\Packages\DotNetFX48\pt-BR\Package.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Collections.Specialized.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Net.WebSockets.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Microsoft.Build.Conversion.v4.0.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\ClickOnce Bootstrapper\Packages\DotNetFX48\fr\Eula.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.ComponentModel.DataAnnotations.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\PEVerify.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SvcUtil.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Net.NameResolution.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Microsoft.VisualC.STLCLR.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Xml.XPath.XDocument.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.ServiceModel.Security.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Linq.Queryable.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Lib\um\x86\metahost.tlb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Drawing.Primitives.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Microsoft.Build.Framework.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.DirectoryServices.AccountManagement.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.IO.Compression.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ildasm.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um\ICeeFileGen.h C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\ISymWrapper.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Threading.Timer.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.EnterpriseServices.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ildasm.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\ClickOnce Bootstrapper\Packages\DotNetFX48\cs\Package.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Xml.Serialization.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\UIAutomationTypes.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\WSatUI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Web.Extensions.Design.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.ComponentModel.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um\CorHdr.h C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Windows.Forms.DataVisualization.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Threading.Tasks.Parallel.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.ServiceModel.Web.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Activities.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\PermissionSets\LocalIntranet.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\CustomMarshalers.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Lib\um\arm\mscoree.tlb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.IO.UnmanagedMemoryStream.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Net.Http.WebRequest.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\lc.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Lib\um\arm\metahost.tlb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft SDKs\ClickOnce Bootstrapper\Packages\DotNetFX48\fr\Package.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Windows.Controls.Ribbon.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\PresentationBuildTasks.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um\VerError.h C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Workflow.Activities.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Printing.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.DirectoryServices.Protocols.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Windows.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Data.DataSetExtensions.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\~DFB6F28B4BE81EC2C0.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\e5b301a.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF2E4C671EF26665ED.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b301e.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Installer\SourceHash{BAAF5851-0759-422D-A1E9-90061B597188} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b3019.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b301a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI417C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Installer\SourceHash{A4EA9EE5-7CFF-4C5F-B159-B9B4E5D2BDE2} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\Installer\SourceHash{949C0535-171C-480F-9CF4-D25C9E60FE88} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF4A549E4C76405C43.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFC72FC15234B68F41.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5b3024.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b3028.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFF7F46F92528C2171.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFD15DB1AF2FEB46D6.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF26D485B1213C24F9.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI41CB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5b3015.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF4FD940508E0DD813.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{7556B2FA-6364-47EE-901D-12B23F78F382} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3303.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFA4321B58A9BC00B0.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b3015.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3C4B.tmp C:\Windows\system32\msiexec.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\9ce405a5eb6953b779bc196566\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = [binary value omitted] C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\9ce405a5eb6953b779bc196566\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz F:\9ce405a5eb6953b779bc196566\Setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133763272201408632" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|TlbExp.exe\TlbExp,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",cult = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e002e004d002a00730049007d00680021002800450044006700450040003700350051004b004300750000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5350C949C171F084C94F2DC5E906EF88\Servicing_Key C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|wsdl.exe C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\28D1962B71B172844B286D467C3D8F26 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\28D1962B71B172844B286D467C3D8F26\5EE9AE4AFFC7F5C41B959B4B5E2DDB2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.StvProj.10\shell\open\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.stvproj C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3FA5405E3D35B5331B0E94C9A2689CC6\5350C949C171F084C94F2DC5E906EF88 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NetFx.MTPackLP_enu_4.8 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5EE9AE4AFFC7F5C41B959B4B5E2DDB2E\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.svclog C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|xsd.exe C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|SvcTraceViewer.exe\SvcTraceViewer,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion= = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e004400440059003600500069007d004e00690042003f002a00380067005f002700290045005200520000000000 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5350C949C171F084C94F2DC5E906EF88\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AF2B65574636EE7409D1212BF3873F28\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5EE9AE4AFFC7F5C41B959B4B5E2DDB2E\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NetFx.SDK_4.8\ = "{949C0535-171C-480F-9CF4-D25C9E60FE88}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.StvProj.10 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|wsdl.exe\wsdl,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",culture= = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e002400530073007700770072006f0055007e004100260075006a0031004c00720044005b006a004b0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5350C949C171F084C94F2DC5E906EF88\PackageCode = "4CC9C6CCDCDD41C4181E0470EE947D0C" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1585FAAB9570D2241A9E0960B1951788\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|MSBuildTaskHost.exe C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|sgen.exe C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.StvProj.10\ = "Microsoft TraceView Project File" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3FA5405E3D35B5331B0E94C9A2689CC6 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|TlbExp.exe C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|WinRes.exe\WinRes,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion="4.8.3928.0",cul = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e0064002500640061005500480075007100640043004500790071004e0053005700730033006000450000000000 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|WCA.exe\wca,version="4.0.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="MSIL",fileVersion="4.8.3928.0",culture=" = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e006d00520055004500400076007800630061004600600056002900480076006b0026006c006a00450000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AF2B65574636EE7409D1212BF3873F28\Provider C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|wsdl.exe C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|xsd.exe C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5350C949C171F084C94F2DC5E906EF88\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|WCA.exe C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|SvcUtil.exe\svcutil,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="Amd64",fileVersion="4.8.3928 = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e0068007400760065004e0045004f0041003200450043003900710069005f004600300045006000420000000000 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|disco.exe\disco,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",cultur = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e002c004f0064006c0067002b0050005200550045005a007300730071007100740035004b004900680000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|SqlMetal.exe C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|SqlMetal.exe\SqlMetal,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0", = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e006a00480059007200730079007e002700210042005e0030002900540033007800420030003d005a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5350C949C171F084C94F2DC5E906EF88\SourceList\Media\1 = ";1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1585FAAB9570D2241A9E0960B1951788\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NetFx.MTPackLP_enu_4.8\Dependents C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NetFx.SDK_4.8\DisplayName = "Microsoft .NET Framework 4.8 SDK" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|xsd.exe\xsd,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",culture="n = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e005300350058002d005d0057004a007400240045005e00680055004900560065002800350058007a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\ProductName = "ClickOnce Bootstrapper Package for Microsoft .NET Framework 4.8 on Visual Studio 2017" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1585FAAB9570D2241A9E0960B1951788\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1585FAAB9570D2241A9E0960B1951788\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|disco.exe\disco,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="Amd64",fileVersion="4.8.3928.0", = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e0041002d0032006b002d007a00620041005b00440021002d004200430072004b003f0056002100360000000000 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|sgen.exe\sgen,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",culture= = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e004b004d00620051005b00410026005d003600440057002600640068007a004f00250047007400560000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{362af3ba-ef6b-483c-9cb9-8033838e8b7d}\Version = "4.8.3928.0" C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NetFx.SDK_4.8 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|MSBuildTaskHost.exe\MSBuildTaskHost,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="Amd64",fileV = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e007e004300500054002a006e002a004a002a00350071002e005400330055002b0074002d0040007a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|WFC.exe\wfc,version="4.0.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="MSIL",fileVersion="4.8.3928.0",culture=" = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e0021007900760060002b004600490056003d00430079006b00260026002600750048004c006600480000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NetFx.SDK_4.8\Dependents\{362af3ba-ef6b-483c-9cb9-8033838e8b7d} C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|mageui.exe C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|WSatUI.dll C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|xsd.exe\xsd,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="Amd64",fileVersion="4.8.3928.0",cult = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e0065005e002a006c006d00440069004200320043004100700030006c0030003f002400390069004f0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{362af3ba-ef6b-483c-9cb9-8033838e8b7d}\Dependents C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5EE9AE4AFFC7F5C41B959B4B5E2DDB2E\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|TlbImp.exe\TlbImp,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",cult = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e00680073003d0061006b007500520048006f00440035007800380079006e0024007500600071005a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|SvcTraceViewer.exe C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 899872.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 229479.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A F:\9ce405a5eb6953b779bc196566\Setup.exe N/A
N/A N/A F:\9ce405a5eb6953b779bc196566\Setup.exe N/A
N/A N/A F:\9ce405a5eb6953b779bc196566\Setup.exe N/A
N/A N/A F:\9ce405a5eb6953b779bc196566\Setup.exe N/A
N/A N/A F:\9ce405a5eb6953b779bc196566\Setup.exe N/A
N/A N/A F:\9ce405a5eb6953b779bc196566\Setup.exe N/A
N/A N/A F:\9ce405a5eb6953b779bc196566\Setup.exe N/A
N/A N/A F:\9ce405a5eb6953b779bc196566\Setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
N/A N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
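The table above is a flat dump of every privilege each process enabled, and most of it is noise: 7-Zip enabling SeRestorePrivilege, vssvc.exe and srtasks.exe enabling backup/restore privileges during a restore-point operation, and msiexec.exe doing the same for an MSI install are all expected. What matters for triage is who enabled what from where: the extracted sample "Crimson Best.exe", running from the user's Desktop, enabled SeDebugPrivilege twice. The script below is an added example (not the sandbox's tooling and not code from the sample) that folds rows of this shape into one line per image, resolves the bare numeric privilege value the sandbox printed for one 7zFM.exe row using the SE_*_PRIVILEGE numbering from winnt.h, and flags high-value privileges enabled by binaries outside the admin-only Windows and Program Files trees. The risk ratings, the path rule and the sample rows (a subset copied from the table) are this example's own assumptions.

```python
"""Triage of 'Suspicious use of AdjustPrivilegeToken' rows from a sandbox report.

Added example, not part of the sandbox or of the analysed sample. SAMPLE_ROWS
is a constructed subset of the table; HIGH_RISK and the path rule are assumed.
"""
import re
from collections import defaultdict

# Subset of the SE_*_PRIVILEGE LUID values from winnt.h. The sandbox printed a
# bare number for one 7zFM.exe row ("Token: 35"); this table names it.
PRIVILEGE_LUIDS = {
    17: "SeBackupPrivilege",
    18: "SeRestorePrivilege",
    19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege",
    21: "SeAuditPrivilege",
    29: "SeImpersonatePrivilege",
    35: "SeCreateSymbolicLinkPrivilege",
}

# Privileges worth a look when enabled by a binary outside admin-only paths
# (assumed ratings, not taken from the report).
HIGH_RISK = {
    "SeDebugPrivilege": "open any process for read/write (dumping, injection)",
    "SeTcbPrivilege": "act as part of the operating system",
    "SeImpersonatePrivilege": "impersonate client tokens (local elevation)",
    "SeAssignPrimaryTokenPrivilege": "start processes under another user's token",
    "SeLoadDriverPrivilege": "load kernel drivers",
    "SeBackupPrivilege": "read any file regardless of ACL (hive dumps)",
    "SeRestorePrivilege": "write any file or registry key regardless of ACL",
    "SeTakeOwnershipPrivilege": "take ownership of any securable object",
}

# Row layout in the table: "Token: <privilege> N/A <image path> N/A"
ROW_RE = re.compile(r"^Token:\s+(\S+)\s+N/A\s+(.+?)\s+N/A$")

SAMPLE_ROWS = r"""
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
"""


def is_trusted_path(image: str) -> bool:
    """Windows and Program Files are admin-writable only; the Windows Temp
    directory is excluded because unprivileged users can create files there."""
    low = image.lower()
    if low.startswith("c:\\windows\\temp\\"):
        return False
    return low.startswith(("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\"))


def parse_rows(text: str):
    """Yield (privilege, image) per row. Bare numeric LUIDs are resolved through
    PRIVILEGE_LUIDS; numbers not in the table are kept as 'LUID:<n>'."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        priv, image = m.groups()
        if priv.isdigit():
            priv = PRIVILEGE_LUIDS.get(int(priv), f"LUID:{priv}")
        yield priv, image


def triage(text: str):
    """Return ({image: sorted privileges}, [(image, privilege, why), ...])."""
    by_image = defaultdict(set)
    for priv, image in parse_rows(text):
        by_image[image].add(priv)
    findings = []
    for image, privs in by_image.items():
        if is_trusted_path(image):
            continue
        for priv in sorted(privs):
            if priv in HIGH_RISK:
                findings.append((image, priv, HIGH_RISK[priv]))
    return {img: sorted(p) for img, p in by_image.items()}, findings


if __name__ == "__main__":
    images, findings = triage(SAMPLE_ROWS)
    for image, privs in images.items():
        print(f"{image}: {', '.join(privs)}")
    print("--- needs a look ---")
    for image, priv, why in findings:
        print(f"{image} enabled {priv}: {why}")
```

On the rows above this yields two findings: "Crimson Best.exe" with SeDebugPrivilege, and the NDP48-DevPack-ENU.exe bootstrapper under C:\Windows\Temp, which enabled nearly every privilege in the list. The second is flagged purely on path; the right way to dismiss it is to check the binary's Authenticode signature, not its file name. Path-based trust is a heuristic in both directions, since a planted binary under Program Files passes it and a legitimately signed tool in a user profile fails it.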

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2044 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 5356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
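Every row in this table is msedge.exe PID 2044 writing into another msedge.exe process (1616, 5804, 3604, 5356). A Chromium-based browser's broker process writes into the child processes it spawns while setting up their sandbox, so same-image writes from a browser are expected and this signature says nothing about the sample. What would matter is a row whose source is "Crimson Best.exe" or whose target image differs from the source, and there is none. The script below is an added example (not the sandbox's code) that folds rows of this shape into (source image, target image) pairs with the PIDs involved, and returns only the pairs that break the same-image, trusted-path pattern. The sample rows are copied from the table, plus one constructed row, marked as such and not in the report, whose file names are hypothetical; it exists only to show what a flagged cross-image write looks like.

```python
"""Fold 'Suspicious use of WriteProcessMemory' rows into image pairs and flag
the pairs worth a human look.

Added example, not the sandbox's code. SAMPLE_ROWS is a subset of the table
plus one constructed row (marked below) that does not appear in the report.
"""
import re
from collections import Counter, defaultdict

# Row layout: "PID <src> wrote to memory of <dst> N/A <src image> <dst image>"
# Both image paths contain spaces, so the '.exe' suffix serves as the delimiter.
ROW_RE = re.compile(
    r"^PID (\d+) wrote to memory of (\d+)\s+N/A\s+(.+?\.exe)\s+(.+?\.exe)$",
    re.IGNORECASE,
)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_ROWS = "\n".join([
    f"PID 2044 wrote to memory of 1616 N/A {EDGE} {EDGE}",
    f"PID 2044 wrote to memory of 5804 N/A {EDGE} {EDGE}",
    f"PID 2044 wrote to memory of 5804 N/A {EDGE} {EDGE}",
    f"PID 2044 wrote to memory of 3604 N/A {EDGE} {EDGE}",
    f"PID 2044 wrote to memory of 5356 N/A {EDGE} {EDGE}",
    # Constructed row, NOT from the report, with hypothetical file names: a
    # user-profile binary writing into a system process is the pattern the
    # check is meant to surface.
    r"PID 9001 wrote to memory of 9002 N/A C:\Users\Admin\AppData\Local\Temp\hypothetical.exe C:\Windows\System32\notepad.exe",
])


def is_trusted_path(image: str) -> bool:
    """Windows and Program Files are admin-writable only; the Windows Temp
    directory is excluded because unprivileged users can create files there."""
    low = image.lower()
    if low.startswith("c:\\windows\\temp\\"):
        return False
    return low.startswith(("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\"))


def fold_rows(text: str):
    """Return {(src_image, dst_image): (row_count, {(src_pid, dst_pid), ...})}.
    Repeated rows for the same PID pair (one per WriteProcessMemory call) are
    counted once per pair in the set and once per row in the count."""
    counts = Counter()
    pids = defaultdict(set)
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        src_pid, dst_pid, src, dst = m.groups()
        counts[(src, dst)] += 1
        pids[(src, dst)].add((int(src_pid), int(dst_pid)))
    return {pair: (counts[pair], pids[pair]) for pair in counts}


def flag(folded):
    """Same-image writes from a Program Files binary are treated as expected
    (browser broker bootstrapping its own children). Anything else comes back
    as (src, dst, row_count, sorted pid pairs, reasons)."""
    out = []
    for (src, dst), (n, pairs) in folded.items():
        reasons = []
        if src.lower() != dst.lower():
            reasons.append("writes into a different image")
        if not is_trusted_path(src):
            reasons.append("source lives outside Windows/Program Files")
        if reasons:
            out.append((src, dst, n, sorted(pairs), reasons))
    return out


if __name__ == "__main__":
    folded = fold_rows(SAMPLE_ROWS)
    for (src, dst), (n, pairs) in folded.items():
        print(f"{n:3d} rows  {src} -> {dst}  pids={sorted(pairs)}")
    for src, dst, n, pairs, reasons in flag(folded):
        print(f"FLAG {src} -> {dst} ({n} rows, {pairs}): {'; '.join(reasons)}")
```

Run against the real table the flagged list is empty and the fold collapses 64 rows into one Edge-to-Edge pair with four child PIDs, which is the one-line summary an analyst actually needs from this signature. The path rule is the same heuristic as elsewhere on this page: it separates noise from candidates, and a signature check on the source binary is what settles a flagged pair.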

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\CRIMSON.rar"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe

"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"

C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe

"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ea723cb8,0x7ff9ea723cc8,0x7ff9ea723cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8

C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe

"C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe"

C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe

"C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe" -burn.clean.room="C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe" -burn.filehandle.attached=608 -burn.filehandle.self=756

C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe

"C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe" -q -burn.elevated BurnPipe.{E49C1251-964B-4738-B2AC-408FFBE44C28} {32A13EFB-2F42-45C7-98CD-4304ACF43464} 5704

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 84CAA353B62A755819E9979CCF147648

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 199D18067D34491F70D00F1489F7B5F7 E Global\MSI0000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\aspnet_merge.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\aspnet_intern.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\AxImp.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\AxImp.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\lc.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\lc.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ResGen.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SecAnnotate.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SecAnnotate.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\sgen.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sgen.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SqlMetal.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\TlbExp.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\TlbExp.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\TlbImp.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\TlbImp.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\WinMDExp.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\WinMDExp.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\wsdl.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\wsdl.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\xsd.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\xsd.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\xsltc.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SvcUtil.exe" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue

C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe

"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e627cc40,0x7ff9e627cc4c,0x7ff9e627cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1960 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4280,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4756,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4668,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5480,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4552,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5740,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4468,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4540,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ea723cb8,0x7ff9ea723cc8,0x7ff9ea723cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8

C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe

"C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe"

F:\9ce405a5eb6953b779bc196566\Setup.exe

F:\9ce405a5eb6953b779bc196566\\Setup.exe /x86 /x64 /web

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe

"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"

Network


Files

SHA512 a60e4b860b0da9a4524c80a065377a4d5a4b0200f272ba9a3559703b8f64c90f85a298986a1bae0c89fda7d1f0e002af713bb45975044fc645d013fc47cda8e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

MD5 5aaa8c37cd59979b920cd21c4a50a38d
SHA1 0ee61e3b2d58513b92cf4c6b5114c1beb55539e7
SHA256 db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6
SHA512 0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 13bff820b44e9cb4eabc1914cd3e8162
SHA1 72588fc13c8cc8c09ecbfe9f071c85264c64f32d
SHA256 2da28f517d9f45700152ae12a3e2de7535d386df976610780d3233c70a2e0d05
SHA512 c90a3bb3643b3375813ea799de8a698468a915f4f842cb2f3dcbfcc4ef5dbf7b2ed878b1a4c5273f4da3f310fa2a2b7118beb6d4ad1366a97a53d64cb81c92c5

C:\Users\Admin\Downloads\Unconfirmed 311117.crdownload

MD5 b3844d880d71de6d787190d2e378101b
SHA1 0e1ec7c7e9e2c7678db5548de80fc5c57f97dde2
SHA256 151b1c11f625e7122d517b6a1778841df8ff168d931c41730f59b9e4b8bcbe36
SHA512 99b1d7f9264e7d5aea7b01b69ef541065030055a37cfd76f9846b3cc84fd6f2bab612042d68ddf992bda41553c493fb45830699ba5f56ab0aee200cc539cc5d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3d9e16965fda433b0e2512e450d588e8
SHA1 ca86abb5dd440e778622e61f90c509e92874699b
SHA256 a180d02a54da36303f1dfea6ec6a723204bc2b4f92f5bb17e5843c788ddedc90
SHA512 6fde0fe474da56f7b243d8d67f05eb0bf2ae516e9b6e0bf0a496af0060f75ea94480ff806f41681d1d23d1a14a3ad2360f03da1554d0f2ed49041728cb1687eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9211f0c6146a340a1b9f71d8bd802333
SHA1 8eaffd4edc20f480ca35b862b3f6cb59fbbcf4d0
SHA256 fcfd49d4cbef66c79d6ef180c8634223a5ca5aa425d604ae3a124e9d86e6aedd
SHA512 b5bf33cb6958dad59577b056a192ebce7903c9d8446b718d3bb56e51715f49dbcdfd707193a53ff8a5073695467f2f020cc1843c0b6f2d8709acc7c69d742ab8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9f0807009817fcbdc250b8b7b56d5080
SHA1 65532815231f2e6fc80606cc920d75461a0cd8b6
SHA256 1e88fc7e894699e0b3fde977922d98ff3ec06f4c1b24b1d16f1e3a9d7e9a2470
SHA512 bdd7c18ff8c4e6c1e952fb3c222cfc140d55d74c536b8b74428585c090c2b6cc9018da6acd05de9d1f2ebaf151e7765d11eb6077d01d183a0ca30e5100b0b85d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a131d266aed1a48ead6acc39a6b3f57
SHA1 b5908bf887e20b4b1b6612a45bbca84ac7308a15
SHA256 c1238ec5339f0da3b340ef4e94b1061ea9578f42c23834bde6125b91e54b4b3f
SHA512 1c558b347ce059eae287acad211982213401db05b7b075e89e78519813df08fb5dccf48aa430967ceb3db12832e4ef0e0c54d7d00b045cd01a73b3f61c28e360

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 056ab58fc54ce7b1018654d057e8f046
SHA1 d55fb6c1edcc5dac87c090a6fed9b98dda5e1731
SHA256 664ae5a9622f2d118bfab62497e123c1baace43912ed047c0232a4db1c18e803
SHA512 2b965624df0c242d9cb3110084ba17ecaaaa4ff55c68f74cddfcdb375d0a032264b5a6e15f3770e147bb86bfe04d8c809fb8bac8ca068fbc6c112c6c376622e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a952b67001f0c7dd972bd90a25f6ea26
SHA1 9be68a3703235f5cbcbb298e41ea17af6b11d4b6
SHA256 e6980d3b5a564e253f6913527b3fdd83dc4005645ce888e04cd5a4cbb5379713
SHA512 96a6ca67e36eabf1f3bb3b1cb1687f678a40b785c6139a5f70a326204b870f943bca233efd98d90fdc1025ae35e89a1e1da45b0f8ebb71ad47a59cb294506f31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8d223a11a17e61eef6f85d094e50aed0
SHA1 3fac4f36b841d482ed282b9daa52a48d8e85c357
SHA256 062b8994ec3213fd2c544ed33b5099863042f9218a980e6688665c44daeb7f12
SHA512 c1985b43dd0758d5c25e47f23d33df88635657c0735fa9fcdc00e80c04f0c3d1e6654d0f85a114805a3659cb8cddb282338f2f76941c1696039c7af4f094ad7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0a3c19c8a6eed137b1a83317d775fb69
SHA1 243cce87f17374ad99b3c2e634ad4d5dfb701af0
SHA256 e95b6c33d91d5f708ae4d133fc8f06a880f45416d2d557bc1b1dd0fd914facf2
SHA512 8c1bb45dfeda201b8c2555916f2f9711d3e6be8f310b71cd7b2514afed9733e9d6b23786f4fe959027a16522d8b1f7e611f9be72e1418fdf097610ef5ab52326

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f83baf8ce9a5e84e1fcf0d1756c206cd
SHA1 17b82490c0c252b9552c7964efccc3357329aa4c
SHA256 9f78d0ec56ba049b1f025a2f5f1280fa79b0ff5d9c29ad5fcc4e5a426059135a
SHA512 03d4294cf79c58ec5fbb84084cc93f4c11eb71e72eec647d5dd6dd566f268f7041166816edaa4b0ad5945702589a6eadc969ef22fc1f8c3949f8493a8d72f22f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

MD5 888d4c55cfbd8b2a3e98614cc0d79236
SHA1 a30ae535d82c78beaccbb626788daafa4f46e754
SHA256 cfa46d2a1ee9c607086850f4d8fbe37a9df8ec9716ed5933d1d37dd4a5dd118e
SHA512 226968ab1903c663a5dee14d975effd4fb058c0a699e3ae8a5dae180acb2a6cf997c4c0a823c8cc4f3e49459a2bf59a2b30546ecbec1fa70421425a0f74916fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 071939e7df8e6394dd92c773ebd10792
SHA1 55e3eb70e9ee76c7e3741a5800b027d143adef84
SHA256 89aad323ead59ffb39b295fa1af03f73d872359bfdd0059544be654e8cb8c49d
SHA512 1953b401de4d9e4962e804390bf34d9b655e753b415879bfbc7ba8e8f7dad3ae99c20295ebdd9e5eac2340963b6b8fcd54063edc7b97adc1d952385677295006

F:\9ce405a5eb6953b779bc196566\1033\eula.rtf

MD5 47c47a12e6830b793150494d35d51637
SHA1 87a11fece572f2a57982270533d6906daf7da218
SHA256 4399b24e28becfb3bb2820daa09965860001492145fd7e2466da7b740c31855d
SHA512 1b85ff8f11afafaa7368e744d281d964313eb342d294cbbe0e1c5fab3c5e817ca2b58bbcd7fc87a556f7575fd8e9d7404eb0a4f8e045e4c446ba83398eab3127

C:\Users\Admin\AppData\Local\Temp\HFI658.tmp.html

MD5 475958008713e900d6f3bf24d78c3e6b
SHA1 4f3ed036c28ee99fb604cd1136aa1029e89c0ee8
SHA256 eeb5cb4c913e76a6ed2b7ddabee4daa35ca2df2e717255f4e9607e567ecd70a4
SHA512 acf48503f9f41a40d95823859147d4044e89b7049c6388733e1ce7db720b8517744c507ab84d6bdfa811f92e34a0b0a49dd1764f598ae2df1f180d4ed27dff77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 09490bf382ebeecf0d913f6d03fa417a
SHA1 b8a6ad6520c0c0f43148f81bc5ccc14f98cbaafd
SHA256 23accca3b6682e404e8e70c858ff386de686fd02172622648119256afd9ba68c
SHA512 61541798d8e2a1ad041b26202e59190c677faed7ac80d90b6b6885e1c5d89c17f10df29ee89b172050136197ad859071d139cfda76a7a243bb918053332f000c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1c0b1edab77e28d0ba69e6891516d849
SHA1 a1a8a9c57d6fdc4f8126098a0a7e83df88467fed
SHA256 4c0ae83738a8369347066b7257751dc3cc7e9384d306e124165eaf26edb0d966
SHA512 f7f3e988df2743cef07f21ecd1ecf5001315e6071f2b8534e89569e172ca569e821ae73275509b5e0cd49bce77fcd15f5e1fcbd94bdc4d2e48466ad1771eddc0

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 1e7dd00b69af4d51fb747a9f42c6cffa
SHA1 496cdb3187d75b73c0cd72c69cd8d42d3b97bca2
SHA256 bc7aec43a9afb0d07ef7e3b84b5d23a907b6baff367ecd4235a15432748f1771
SHA512 d5227d3df5513d7d0d7fb196eef014e54094c5ed8c5d31207b319e12480433f1424d49df759a7a2aefc6a69cef6bf2a0cc45d05660e618dc2ec9a2b082b7b5f7

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 b5ec1c651d538125bbad8ae7b5878883
SHA1 fc51a9862cd962c1dcf92da77deca73aa79f0c04
SHA256 7e4836c483ec272727cb1e69f6d1769be0f8ea3783dab5fc6846bea18f8c5114
SHA512 ce915256b7339ce5ae8c12864b66f8c83c4ef31185e46d5877776a4fb21ae18a58c742af77312d54ca77f42d33c63e9b6ff868c078d11d423dac4b72cb599f2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6d72eb26674f94b75331444c4eadfd62
SHA1 77b8b089c347ed4e09eaa19d803bd866d860c381
SHA256 40d8b756bce9631cc23e72df9055ee26e446f19a67d675a433b835bbfa47a7a3
SHA512 97cbcf59706e6a7ab98c37efb569a44a7bd571da004aca336d85aa657768c3f5d0f463b14d7b04031234aec258cd5eeaf97d194e06e93855d4ceb6ab8e26da9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e0d2f627696b6d9aea53b7bdbd8fb2b5
SHA1 ccb605886f6c1a94f7ae019e8cd9142c3c866d41
SHA256 a85050db8758acd07b04af81454c98bf9fa49b4aa93cfc0e094f8e3b9632fd93
SHA512 e8481d5142c2ddb0893f056eba14adfec90b3d563f30a9493c99dd104dcdb5688eae92117609bd26d5df4c3f6e73b2653ea7f4c346203f98d555a8fd390abcda

memory/5816-2951-0x00000160DD060000-0x00000160DD160000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c4fa04afa081b225c951e994fda8b84d
SHA1 3b50789dcf491c81a2382730bb83fdc879fc9508
SHA256 33f83589309d81e250c989e13b0661300ff59b0946e56000ba121352b0826b7d
SHA512 f8f2cbabc8903e4fe36f58cb0f01071c209b357cb4ff86ce67e98053e1de074d6abd96a588dccdcb4137812853efe20191582d72fb1aa197f88b6564eab88679

memory/3080-2981-0x000002246FA80000-0x000002246FB80000-memory.dmp

memory/1360-2983-0x000001C376E50000-0x000001C376F50000-memory.dmp

memory/4808-2987-0x000001AFDFA50000-0x000001AFDFB50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 48f12cb0d85cf2f9a5379dac2f931600
SHA1 686ca714ca74c89f00cb95acca056c057d09c886
SHA256 66544b2f89f7f24860b6c0f3fbdc399b64bc8bc9ed4b56d238442e6fab7d2b76
SHA512 4532399826f2a6908bdf36b90550ecc8677b48b4416a29e007789abac341578553a1821218ce92eacd36ad03c1dd5cbb2db397f85096364b77124dd96138506a

memory/5248-3008-0x000002019C350000-0x000002019C450000-memory.dmp