Analysis Overview
SHA256
0c966a7beeb63c7bee76689648713ebb8ee7428f71d5f48959dcd45e940fef89
Threat Level: Likely malicious
The file CRIMSON.rar was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Checks whether UAC is enabled
Adds Run key to start application
Enumerates connected drives
Detected potential entity reuse from brand MICROSOFT.
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Unsigned PE
Embeds OpenSSL
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy service COM API
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 14:18
Signatures
Embeds OpenSSL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 14:18
Reported
2024-11-17 14:30
Platform
win11-20241007-en
Max time kernel
529s
Max time network
530s
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe | N/A |
| N/A | N/A | F:\9ce405a5eb6953b779bc196566\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{362af3ba-ef6b-483c-9cb9-8033838e8b7d} = "\"C:\\ProgramData\\Package Cache\\{362af3ba-ef6b-483c-9cb9-8033838e8b7d}\\NDP48-DevPack-ENU.exe\" /burn.runonce" | C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
Detected potential entity reuse from brand MICROSOFT.
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\PresentationFramework.Royale.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\xsd.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Microsoft.VisualBasic.Compatibility.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ResGen.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um\gchost.idl | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SecAnnotate.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\ildasm.exe.config | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\mageui.exe.config | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.IO.Log.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\UIAutomationProvider.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Drawing.Design.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Security.Cryptography.Primitives.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Activities.DurableInstancing.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\ClickOnce Bootstrapper\Packages\DotNetFX48\pt-BR\Package.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Collections.Specialized.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Net.WebSockets.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Microsoft.Build.Conversion.v4.0.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\ClickOnce Bootstrapper\Packages\DotNetFX48\fr\Eula.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.ComponentModel.DataAnnotations.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\PEVerify.exe.config | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SvcUtil.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Net.NameResolution.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Microsoft.VisualC.STLCLR.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Xml.XPath.XDocument.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.ServiceModel.Security.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Linq.Queryable.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Lib\um\x86\metahost.tlb | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Drawing.Primitives.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Microsoft.Build.Framework.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.DirectoryServices.AccountManagement.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.IO.Compression.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ildasm.exe.config | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um\ICeeFileGen.h | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\ISymWrapper.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Threading.Timer.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.EnterpriseServices.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ildasm.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\ClickOnce Bootstrapper\Packages\DotNetFX48\cs\Package.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Xml.Serialization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\UIAutomationTypes.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\WSatUI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Web.Extensions.Design.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.ComponentModel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um\CorHdr.h | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Windows.Forms.DataVisualization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.Threading.Tasks.Parallel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.ServiceModel.Web.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Activities.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\PermissionSets\LocalIntranet.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\CustomMarshalers.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Lib\um\arm\mscoree.tlb | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\Facades\System.IO.UnmanagedMemoryStream.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Net.Http.WebRequest.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\lc.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Lib\um\arm\metahost.tlb | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SDKs\ClickOnce Bootstrapper\Packages\DotNetFX48\fr\Package.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Windows.Controls.Ribbon.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\PresentationBuildTasks.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um\VerError.h | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Workflow.Activities.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Printing.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.DirectoryServices.Protocols.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Windows.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.Data.DataSetExtensions.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\SystemTemp\~DFB6F28B4BE81EC2C0.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5b301a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF2E4C671EF26665ED.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b301e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{BAAF5851-0759-422D-A1E9-90061B597188} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b3019.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Installer\e5b301a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI417C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{A4EA9EE5-7CFF-4C5F-B159-B9B4E5D2BDE2} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{949C0535-171C-480F-9CF4-D25C9E60FE88} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4A549E4C76405C43.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFC72FC15234B68F41.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5b3024.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b3028.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFF7F46F92528C2171.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFD15DB1AF2FEB46D6.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF26D485B1213C24F9.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI41CB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5b3015.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4FD940508E0DD813.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{7556B2FA-6364-47EE-901D-12B23F78F382} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3303.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFA4321B58A9BC00B0.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b3015.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3C4B.tmp | C:\Windows\system32\msiexec.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\9ce405a5eb6953b779bc196566\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001d3755855d3e98e80000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001d3755850000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001d375585000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1d375585000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001d37558500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | F:\9ce405a5eb6953b779bc196566\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | F:\9ce405a5eb6953b779bc196566\Setup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133763272201408632" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|TlbExp.exe\TlbExp,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",cult = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e002e004d002a00730049007d00680021002800450044006700450040003700350051004b004300750000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5350C949C171F084C94F2DC5E906EF88\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|wsdl.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\28D1962B71B172844B286D467C3D8F26 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\28D1962B71B172844B286D467C3D8F26\5EE9AE4AFFC7F5C41B959B4B5E2DDB2E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.StvProj.10\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.stvproj | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3FA5405E3D35B5331B0E94C9A2689CC6\5350C949C171F084C94F2DC5E906EF88 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NetFx.MTPackLP_enu_4.8 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5EE9AE4AFFC7F5C41B959B4B5E2DDB2E\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.svclog | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|xsd.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|SvcTraceViewer.exe\SvcTraceViewer,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion= = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e004400440059003600500069007d004e00690042003f002a00380067005f002700290045005200520000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5350C949C171F084C94F2DC5E906EF88\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AF2B65574636EE7409D1212BF3873F28\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5EE9AE4AFFC7F5C41B959B4B5E2DDB2E\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NetFx.SDK_4.8\ = "{949C0535-171C-480F-9CF4-D25C9E60FE88}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.StvProj.10 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|wsdl.exe\wsdl,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",culture= = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e002400530073007700770072006f0055007e004100260075006a0031004c00720044005b006a004b0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5350C949C171F084C94F2DC5E906EF88\PackageCode = "4CC9C6CCDCDD41C4181E0470EE947D0C" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1585FAAB9570D2241A9E0960B1951788\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|MSBuildTaskHost.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|sgen.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.StvProj.10\ = "Microsoft TraceView Project File" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3FA5405E3D35B5331B0E94C9A2689CC6 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|TlbExp.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|WinRes.exe\WinRes,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion="4.8.3928.0",cul = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e0064002500640061005500480075007100640043004500790071004e0053005700730033006000450000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|WCA.exe\wca,version="4.0.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="MSIL",fileVersion="4.8.3928.0",culture=" = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e006d00520055004500400076007800630061004600600056002900480076006b0026006c006a00450000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AF2B65574636EE7409D1212BF3873F28\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|wsdl.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|xsd.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5350C949C171F084C94F2DC5E906EF88\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|WCA.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|SvcUtil.exe\svcutil,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="Amd64",fileVersion="4.8.3928 = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e0068007400760065004e0045004f0041003200450043003900710069005f004600300045006000420000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|disco.exe\disco,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",cultur = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e002c004f0064006c0067002b0050005200550045005a007300730071007100740035004b004900680000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|SqlMetal.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|SqlMetal.exe\SqlMetal,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0", = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e006a00480059007200730079007e002700210042005e0030002900540033007800420030003d005a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5350C949C171F084C94F2DC5E906EF88\SourceList\Media\1 = ";1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1585FAAB9570D2241A9E0960B1951788\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NetFx.MTPackLP_enu_4.8\Dependents | C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NetFx.SDK_4.8\DisplayName = "Microsoft .NET Framework 4.8 SDK" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|xsd.exe\xsd,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",culture="n = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e005300350058002d005d0057004a007400240045005e00680055004900560065002800350058007a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\ProductName = "ClickOnce Bootstrapper Package for Microsoft .NET Framework 4.8 on Visual Studio 2017" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1585FAAB9570D2241A9E0960B1951788\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1585FAAB9570D2241A9E0960B1951788\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|disco.exe\disco,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="Amd64",fileVersion="4.8.3928.0", = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e0041002d0032006b002d007a00620041005b00440021002d004200430072004b003f0056002100360000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|sgen.exe\sgen,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",culture= = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e004b004d00620051005b00410026005d003600440057002600640068007a004f00250047007400560000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{362af3ba-ef6b-483c-9cb9-8033838e8b7d}\Version = "4.8.3928.0" | C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NetFx.SDK_4.8 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|MSBuildTaskHost.exe\MSBuildTaskHost,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="Amd64",fileV = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e007e004300500054002a006e002a004a002a00350071002e005400330055002b0074002d0040007a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|WFC.exe\wfc,version="4.0.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="MSIL",fileVersion="4.8.3928.0",culture=" = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e0021007900760060002b004600490056003d00430079006b00260026002600750048004c006600480000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NetFx.SDK_4.8\Dependents\{362af3ba-ef6b-483c-9cb9-8033838e8b7d} | C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|mageui.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|WSatUI.dll | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|x64|xsd.exe\xsd,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="Amd64",fileVersion="4.8.3928.0",cult = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e0065005e002a006c006d00440069004200320043004100700030006c0030003f002400390069004f0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{362af3ba-ef6b-483c-9cb9-8033838e8b7d}\Dependents | C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5EE9AE4AFFC7F5C41B959B4B5E2DDB2E\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|TlbImp.exe\TlbImp,version="4.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="X86",fileVersion="4.8.3928.0",cult = 3d0076007000690057005e005300580031003f003d003f0071006f00450059006d00530025005400570069006e00530044004b005f004e004600580054006f006f006c0073004d005f004400440046003e00680073003d0061006b007500520048006f00440035007800380079006e0024007500600071005a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft SDKs|Windows|v10.0A|bin|NETFX 4.8 Tools|SvcTraceViewer.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AF2B65574636EE7409D1212BF3873F28\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 899872.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 229479.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
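Most of the Processes section that follows is not the sample. The Edge and Chrome entries are browser broker and child processes; NDP48-DevPack-ENU.exe is a browser download (it is one of the Zone.Identifier rows above) whose WiX Burn bootstrapper re-launches itself from C:\Windows\Temp (first -burn.clean.room, then -burn.elevated) and then drives msiexec.exe and a run of ngen.exe install jobs for the NETFX 4.8 Tools; the vssvc.exe and srtasks.exe ExecuteScopeRestorePoint pair immediately after the elevated bootstrapper is consistent with the installer's System Restore checkpoint, a plausible source for the Volume Shadow Copy signature listed above. The sample's own lineage is short: 7zFM.exe opening CRIMSON.rar and the launches of Crimson Best.exe from the Desktop. The script below is an added example, not part of the report or the sample; it reads image/command-line pairs in the format this section uses and buckets them. The bucket rules are assumptions tuned to this tree, and the SAMPLE text is a subset of lines copied from it.

```python
"""Split a sandbox process list into the sample's own lineage and known noise.

Added example for this report; not code from the sandbox or the sample. It
reads the Processes format used here (image path on one line, full command
line on the next). SAMPLE is a subset of lines copied from this report; the
bucket rules are assumptions tuned to what this particular tree contains.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Chromium-family helper processes carry --type=<role>; the browser broker does not.
_CHROMIUM_CHILD = re.compile(r"\s--type=\S+")

BROWSER_IMAGES = {"msedge.exe", "chrome.exe", "identity_helper.exe", "elevation_service.exe"}
# Assumption for this tree: these ran on the .NET Developer Pack installer's behalf
# (MSI install, NGEN queueing, and the System Restore checkpoint via srtasks/vssvc).
INSTALLER_IMAGES = {"msiexec.exe", "ngen.exe", "vssvc.exe", "srtasks.exe"}
SYSTEM_IMAGES = {"rundll32.exe", "comppkgsrv.exe", "svchost.exe"}


@dataclass
class Proc:
    image: str
    cmdline: str
    category: str


def classify(image: str, cmdline: str, sample_dir: str, markers: Tuple[str, ...]) -> str:
    """Assign one process to a bucket; the first matching rule wins."""
    base = image.rsplit("\\", 1)[-1].lower()
    img_l, cmd_l = image.lower(), cmdline.lower()
    if img_l.startswith(sample_dir.lower()) or any(m.lower() in cmd_l for m in markers):
        return "sample-related"
    if "\\downloads\\" in img_l:
        return "downloaded"      # run straight from the user's Downloads folder
    if base in BROWSER_IMAGES:
        return "browser-child" if _CHROMIUM_CHILD.search(cmdline) else "browser"
    if "-burn." in cmd_l or base in INSTALLER_IMAGES:
        return "installer"       # WiX Burn bootstrapper and what it drives
    if base in SYSTEM_IMAGES:
        return "system"
    return "other"


def parse_process_list(text: str, sample_dir: str, markers: Tuple[str, ...]) -> List[Proc]:
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected image/command-line line pairs")
    return [Proc(img, cmd, classify(img, cmd, sample_dir, markers))
            for img, cmd in zip(lines[0::2], lines[1::2])]


def summarize(procs: List[Proc]) -> Dict[str, int]:
    return dict(Counter(p.category for p in procs))


def sample_lineage(procs: List[Proc]) -> List[str]:
    """Command lines that reference the sample directly, in report order."""
    return [p.cmdline for p in procs if p.category == "sample-related"]


SAMPLE_DIR = r"C:\Users\Admin\Desktop\CRIMSON"
SAMPLE_MARKERS = ("CRIMSON.rar", "Crimson Best.exe")

# Lines copied from the Processes section of this report (a subset, in order).
SAMPLE = r"""
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\CRIMSON.rar"
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe
"C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe"
C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe
"C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe" -burn.clean.room="C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe" -burn.filehandle.attached=608 -burn.filehandle.self=756
C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe
"C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe" -q -burn.elevated BurnPipe.{E49C1251-964B-4738-B2AC-408FFBE44C28} {32A13EFB-2F42-45C7-98CD-4304ACF43464} 5704
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\aspnet_merge.exe" /queue:3 /NoDependencies
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
"""

if __name__ == "__main__":
    procs = parse_process_list(SAMPLE, SAMPLE_DIR, SAMPLE_MARKERS)
    print(summarize(procs))
    print("\n".join(sample_lineage(procs)))
```

Paste the full Processes section into SAMPLE to run it over the whole tree; anything that lands in "other" is what still needs a manual look, and the "sample-related" list is the part of the tree to read for the sample's behaviour rather than the installer's.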
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\CRIMSON.rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ea723cb8,0x7ff9ea723cc8,0x7ff9ea723cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6264 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,4045471031831502965,10899946312022919360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8
C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe
"C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe"
C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe
"C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe" -burn.clean.room="C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe" -burn.filehandle.attached=608 -burn.filehandle.self=756
C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe
"C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.be\NDP48-DevPack-ENU.exe" -q -burn.elevated BurnPipe.{E49C1251-964B-4738-B2AC-408FFBE44C28} {32A13EFB-2F42-45C7-98CD-4304ACF43464} 5704
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 84CAA353B62A755819E9979CCF147648
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 199D18067D34491F70D00F1489F7B5F7 E Global\MSI0000
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\aspnet_merge.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\aspnet_intern.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\AxImp.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\AxImp.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\lc.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\lc.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ResGen.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SecAnnotate.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SecAnnotate.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\sgen.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sgen.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SqlMetal.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\TlbExp.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\TlbExp.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\TlbImp.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\TlbImp.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\WinMDExp.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\WinMDExp.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\wsdl.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\wsdl.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\xsd.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\xsd.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\xsltc.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\SvcUtil.exe" /queue:3 /NoDependencies
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e627cc40,0x7ff9e627cc4c,0x7ff9e627cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1960 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4280,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4756,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4668,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5480,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4552,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5740,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4468,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4540,i,11769185650757889847,14886893627484365688,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ea723cb8,0x7ff9ea723cc8,0x7ff9ea723cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe
"C:\Users\Admin\Downloads\ndp472-kb4054531-web.exe"
F:\9ce405a5eb6953b779bc196566\Setup.exe
F:\9ce405a5eb6953b779bc196566\\Setup.exe /x86 /x64 /web
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,11991166012404539448,12545833549841117967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
"C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| GB | 23.73.138.131:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 23.73.138.57:443 | www.bing.com | tcp |
| GB | 23.73.138.131:443 | www.bing.com | tcp |
| GB | 23.73.138.131:443 | www.bing.com | tcp |
| GB | 23.73.138.57:443 | www.bing.com | tcp |
| IE | 20.190.159.4:443 | login.microsoftonline.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| GB | 2.16.233.202:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| GB | 2.16.233.202:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| IE | 52.50.167.147:443 | w.usabilla.com | tcp |
| FR | 3.164.163.59:80 | crt.rootg2.amazontrust.com | tcp |
| US | 20.9.155.145:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| FR | 3.165.112.28:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 28.112.165.3.in-addr.arpa | udp |
| US | 20.44.10.122:443 | browser.events.data.microsoft.com | tcp |
| US | 20.44.10.122:443 | browser.events.data.microsoft.com | tcp |
| IE | 52.50.167.147:443 | w.usabilla.com | tcp |
| FR | 3.165.112.147:443 | d6tizftlrpuof.cloudfront.net | tcp |
| FR | 3.165.112.147:443 | d6tizftlrpuof.cloudfront.net | tcp |
| GB | 104.120.140.163:443 | download.microsoft.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| US | 13.107.246.64:443 | consentreceiverfd-prod.azurefd.net | tcp |
| US | 13.107.246.64:443 | consentreceiverfd-prod.azurefd.net | tcp |
| US | 13.107.246.64:443 | consentreceiverfd-prod.azurefd.net | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| IE | 34.251.14.134:443 | w.usabilla.com | tcp |
| FR | 3.165.112.206:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 20.9.155.145:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| JP | 40.74.98.193:443 | browser.events.data.microsoft.com | tcp |
| JP | 40.74.98.193:443 | browser.events.data.microsoft.com | tcp |
| JP | 40.74.98.193:443 | browser.events.data.microsoft.com | tcp |
| JP | 40.74.98.193:443 | browser.events.data.microsoft.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| FR | 3.165.112.206:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 199.232.214.172:443 | download.visualstudio.microsoft.com | tcp |
| FR | 3.165.112.206:443 | d6tizftlrpuof.cloudfront.net | tcp |
| FR | 3.165.112.206:443 | d6tizftlrpuof.cloudfront.net | tcp |
| FR | 3.165.112.206:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| GB | 88.221.135.27:443 | r.bing.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| IE | 34.251.14.134:443 | w.usabilla.com | tcp |
| US | 199.232.214.172:443 | download.visualstudio.microsoft.com | tcp |
| AU | 104.46.162.227:443 | browser.events.data.microsoft.com | tcp |
| AU | 104.46.162.227:443 | browser.events.data.microsoft.com | tcp |
| AU | 104.46.162.227:443 | browser.events.data.microsoft.com | tcp |
| AU | 104.46.162.227:443 | browser.events.data.microsoft.com | tcp |
| GB | 104.86.110.115:443 | | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 25.135.221.88.in-addr.arpa | udp |
| US | 52.182.143.209:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\7zE47424688\CRIMSON\workspace\.tests\isfile.txt
| MD5 | 260ca9dd8a4577fc00b7bd5810298076 |
| SHA1 | 53a5687cb26dc41f2ab4033e97e13adefd3740d6 |
| SHA256 | aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27 |
| SHA512 | 51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7 |
C:\Users\Admin\Desktop\CRIMSON\Crimson Best.exe
| MD5 | 81871a76907102262ecaa64aa1f84772 |
| SHA1 | 53e4c273523b91956b6a054506e7ff3888fcaaf1 |
| SHA256 | 3321858f43e2ad8247ca62770833096700008c15fd10511d463b1e0f6071ccad |
| SHA512 | b656d9251066bf51e319b77fce7db633a75ba5222b8a229bad5c976f15da5e7d075949d1ad4d4f0f74a752f8a29c7b49c8554174acc2b9eaa5136e4641197e76 |
memory/2640-182-0x00007FF9D8FF3000-0x00007FF9D8FF5000-memory.dmp
memory/2640-183-0x00000251E9BD0000-0x00000251E9BF6000-memory.dmp
C:\Users\Admin\Desktop\CRIMSON\cxapis.dll
| MD5 | 4ae4a4a268ccd36acffa1674ebbf910e |
| SHA1 | b3737ff0d2296a6e5b652af1a4a519f2b336295b |
| SHA256 | 910716461ccde7774e637f214bc1de262dce0c371751a585ed1dcf84ee748faf |
| SHA512 | 5c80f85cdeb634be6986131c974b7a400a6cbac4b33e0a9c0523b679df2fea821322d32c8cb1870d6ad07bb5d1e9c35123cd89724de1a6b359b252ecced567be |
memory/2640-187-0x00000251EA020000-0x00000251EA028000-memory.dmp
C:\Users\Admin\Desktop\CRIMSON\Guna.UI2.dll
| MD5 | c19e9e6a4bc1b668d19505a0437e7f7e |
| SHA1 | 73be712aef4baa6e9dabfc237b5c039f62a847fa |
| SHA256 | 9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82 |
| SHA512 | b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de |
memory/2640-189-0x00000251EC510000-0x00000251EC724000-memory.dmp
memory/2640-190-0x00007FF9D8FF0000-0x00007FF9D9AB2000-memory.dmp
C:\Users\Admin\Desktop\CRIMSON\Monaco\index.html
| MD5 | efd81d18eef80e7a5cc70db71d658067 |
| SHA1 | 98b0b7b9c738705263d92b41ef9f810a2f2cd849 |
| SHA256 | 38df7c585f0775d175435305f709b7418d60a98e17d542299e2ccb35c4cd2726 |
| SHA512 | 9a46cd4abc069ad2c7247863c6e9a29bf546f47150ac41feac448bf8d092672e42033e386dcb55a80d9e61c79458cd8589b5587b018e0fe852fb13dd8053b4d4 |
C:\Users\Admin\Desktop\CRIMSON\Monaco\vs\loader.js
| MD5 | 8a3086f6c6298f986bda09080dd003b1 |
| SHA1 | 8c7d41c586bfa015fb5cc50a2fdc547711b57c3c |
| SHA256 | 0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9 |
| SHA512 | 9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017 |
C:\Users\Admin\Desktop\CRIMSON\Monaco\vs\editor\editor.main.js
| MD5 | 9399a8eaa741d04b0ae6566a5ebb8106 |
| SHA1 | 5646a9d35b773d784ad914417ed861c5cba45e31 |
| SHA256 | 93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18 |
| SHA512 | d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8 |
C:\Users\Admin\Desktop\CRIMSON\Monaco\vs\editor\editor.main.css
| MD5 | 233217455a3ef3604bf4942024b94f98 |
| SHA1 | 95cd3ce46f4ca65708ec25d59dddbfa3fc44e143 |
| SHA256 | 2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701 |
| SHA512 | 6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455 |
C:\Users\Admin\Desktop\CRIMSON\Monaco\vs\editor\editor.main.nls.js
| MD5 | 74dd2381ddbb5af80ce28aefed3068fc |
| SHA1 | 0996dc91842ab20387e08a46f3807a3f77958902 |
| SHA256 | fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48 |
| SHA512 | 8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e |
memory/2640-199-0x00007FF9D8FF0000-0x00007FF9D9AB2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cb557349d7af9d6754aed39b4ace5bee |
| SHA1 | 04de2ac30defbb36508a41872ddb475effe2d793 |
| SHA256 | cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee |
| SHA512 | f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a |
\??\pipe\LOCAL\crashpad_2044_JGNJVDFGWJEUVETU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d6a072a1d529a550d282ef6533441e8 |
| SHA1 | f77750c23aa3b21f5e8281adf32e5934b092f32f |
| SHA256 | dd5b691ab461da46ca9e27f56dc93be096278367ce6f85c3c3f3ff45f694ee81 |
| SHA512 | 29354362ced2b29085b71b667ad9633801ba590c49c021c069db93b1c7df7a7af0b050a2297d397c9e2a2657d31308b1bc6221e0f762449c5997a7a73136c796 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aad1d98ca9748cc4c31aa3b5abfe0fed |
| SHA1 | 32e8d4d9447b13bc00ec3eb15a88c55c29489495 |
| SHA256 | 2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e |
| SHA512 | 150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 82fe1e0852d1b4241b4606de4e112697 |
| SHA1 | d8c6975aef411d7e60fea011ca7b0f5c955a547c |
| SHA256 | 75e34246ad311e211888b78e4ca1713bb2984aa9aa0ac511e660de2a2df5e451 |
| SHA512 | 3196044e617df46a0590e9ab1d753d4549df3fcf19abb56c027f48821e100b051d161577b3169763b6bb41e4602139a34fa295a140deca01aaf14705f81726bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b61c9fd23f0a0ab67f31ec54072b1cda |
| SHA1 | 827179cebf4b14106b7ae3bdbac80c9c125257c3 |
| SHA256 | a57cc84db76f841b6f94d049df5c6d98754471a5926adcc94163ac7f1942f366 |
| SHA512 | 4a6b87e45bbf6f3bf3c8c5831a80e7547a46012b8edcc569d30e958f02047127ffc38a2f534a1d04e5cabc7661ba9710099b45b89848f42208a7e470e0082d57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 07cdb7425300524950567367e323b65c |
| SHA1 | c3486ac860d98b67afc3104e570bf5886138b54a |
| SHA256 | 1bcae461cdbec67bab2b6fb48c88f30d153a335c2c09111e26bc90f94c4da675 |
| SHA512 | 3647d297f682f468a294928acce34bebc30065e801b1577e2987eb49dd725d27efe4696d1c3d4c7ad21a6aa33b7ae6d76f8818b7fbd57a5c4af4be347adfabab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bbaecec8cd045602b41cfab19572a0cc |
| SHA1 | a4005bf4c18233264dfab9c92da5fb55d4f8f33b |
| SHA256 | 26284967ebebeef62d7d45daea164036d64067cab742ab373920882228915650 |
| SHA512 | 5e3727a5c9fc83a18442e5f463f9bc4d6fe214f1c4edd032811c0043f8f15b32c49bbacd077a83c8987a51996a2d17b6842e00e450e95c6773a84e5ed6cd6f43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595d0a.TMP
| MD5 | 338fb306ea8fc42507e8fcb11e1be733 |
| SHA1 | 22562209af1252ffc067674071b02f29045e73ee |
| SHA256 | 33ec17bbba5074854104088ddd488a0ddc7a3ea6d7105153e879368d7b8d48f3 |
| SHA512 | d7c0840bd51e8e2be06b370711f71f3cb1a4ad14e1fcad054af983a16ac38d7150d6ea5eee6bd8640c57bb85b3afe4844582c557e80117770115a356e4636a3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cdcc119ccc135998697e86833e8d9303 |
| SHA1 | 93629801efe35827abfa146509f461404127c4f1 |
| SHA256 | f1391a0d68324ba1505d1ec47a1dafc4aea55ec233dad0b52037a86226ad42ee |
| SHA512 | 4abb2cbda8731a39cc198e8abb65480676b6acc4c13cd6ebbc2f5a2dba3ed44fc3136c5d88df9f6f52ff7de43d1f2a94291bbf96e72898ad86ac5f139d46876b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 473f108eb0bd93891357412d701ae949 |
| SHA1 | 2f1a60cb69411d781cff70f77c4b4be10b0ecbff |
| SHA256 | 3163c605f5bd9499cc10734fd35404ff2655f9e49ed47b68ee51ba0ed78f156c |
| SHA512 | c16d392c533c959516711abd14b9d2a81a4a4619dc4b666b1422e57de14374f1e38e595c309812eedfbd8d168e9d5d28d1460607bfa22d0e7ed270623fc74b2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | adbff0d98ee5717673aa9d9aba7d2d3d |
| SHA1 | a0c26894596273844744bad3f69539e994ee63ab |
| SHA256 | 260376f4f8455aa94511a980fb272cf44852803eee7cd857a8746683308d4cfc |
| SHA512 | a1b9e5499b264e3b55a6b8feacd6f1799b692a68c610e07c22016f67fcc88f7cfeace024f9ed5b8da24a8a08d77b42f4919edf29b581a3cf9272feb04a3991da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b875f275c6650a0210d7d4d08fdbdf1c |
| SHA1 | a1eece66ee25482adfa09d1c9ca88961c95c3843 |
| SHA256 | b1c7a91bfc6d009759c79198ed3f567df34ab6342c861f183588ed032acb3188 |
| SHA512 | 852820d5fb330f5e306d612f1dcf9b08e2ccdb5bcaf96e9bf7fe3a4e9fafc2559d2b88d60aa3332216cc5c04f24182335deb8c4f76e20715afe5b8f4f9f10bdb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 17464f7ac892500c4da8fc806dea6928 |
| SHA1 | 6659761a04b4e0da4d4360eb8ceb5168ca13a694 |
| SHA256 | a85b68541fdffc4acb18cf626d61926b4cef2d3856884d16818adde629e5153e |
| SHA512 | 5e3840a9412c801df11bf4425ea17a34a640ae34dab0697139c04501f5e25a15e653cd5a3101a48c2bba2d84de83c418a5d39015055434e97b9f69307cf2e9d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 98b80b052b896102ea1f22f06815c697 |
| SHA1 | 1bea82b1be8fb1e4855b74d43449e11692388741 |
| SHA256 | 8841d3c2f0f522d58006bcf9b360d52c6befadd2015e3e7aa3d2c9563f1844b7 |
| SHA512 | 00462cfb549d82959cca54aebd05214f2df567e4a33ab31e08507130715522554851c3635ad698324582177e303bc9c224a16094b179109548ae2b728d334c7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1d7dddfa14e0a65ff99649deabde4749 |
| SHA1 | 2345e4fd8bed25f1b82d0d5dee64b88c2ea7496a |
| SHA256 | 29a60b8fcf7077402daf4e62c6fdb275a897a5a3321dbb514ab1322c88527854 |
| SHA512 | 219ab30072b97fb51211ccd9f0c3da21730805e51745359e6a2a1876b1d7b2a007d762d23bcb5c57cfa0678798b4048c6f0b6eacc9081ba66d52d4d9d32ae4e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 572c98ebe34bd93d74c8841c10d2c754 |
| SHA1 | bf04c52ac0421abb474316dd32fc58626f0e6bf3 |
| SHA256 | 4632fa51ce790e9c4fd39ea29ec4b34d619af20087c31d1f5b5b0e81833460b9 |
| SHA512 | 7add1844e163f270c51f401a3d1866a6a3a451253db1f62cdb8d80507854db89bb8bc3cb5a09866895bca6c4bab7f0c9effe8a2ea9c86e8c259e2dda6433c268 |
C:\Users\Admin\Downloads\NDP48-DevPack-ENU.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Windows\Temp\{6A52A14D-1237-4C87-9D1B-FC5E05DF23EE}\.cr\NDP48-DevPack-ENU.exe
| MD5 | 562cf2fdf320cb1025e32c7c396e7983 |
| SHA1 | 80b2dd54bdde42400dbbb2b6de262630f90f4948 |
| SHA256 | 6901d6e6c6e19f32caf39dc8022da2fa009a8c6f6a187a59b4c6eaacaa8bb158 |
| SHA512 | 3f874403a4562120c235aad3daddce084c4a94d5623aaa03bb3e2e1efd7b06a9953ed68ca36ca3842f0e82d2deca6203051bf3ecef2daeab5cc5dce8ae134647 |
C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\.ba\wixstdba.dll
| MD5 | f68f43f809840328f4e993a54b0d5e62 |
| SHA1 | 01da48ce6c81df4835b4c2eca7e1d447be893d39 |
| SHA256 | e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e |
| SHA512 | a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9d95072bbbe03b8f930195a50e0081ce |
| SHA1 | ef2562d649446abde97325a1d2aca116c5a28e54 |
| SHA256 | 4a25be21e5c8b460889fbe88baa884fccf749bb0661dffd2760e28f66c6777ba |
| SHA512 | 63a402fda13a2b1252666cf5f84b15e4d98b4ae783489bf4d562f12fa81404d4c2ad7968035ac0785a5b932255311044b1aa32b8c14ee1ca24b4e277db38be1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 51388739cc575f5e507dfc2c14c2daae |
| SHA1 | e988b72025d74c047f54c136afb6a77aeca4a936 |
| SHA256 | 79c2946f22b4d83f03262699d00932144c931310250216ba78056cf2ec232031 |
| SHA512 | 59b50086d7f5fc9e97ceca3637a2b152bd21949a7920e511d0220c6b6c7738c0d12ebba0dd408b3fb96a79ee1dadecf90022101608d957b5f65fd54296ad23ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 86131128b11b924805dd1aec203ce2c8 |
| SHA1 | ea1e30663eaed9b10e451cc7d9b1ef41394368f0 |
| SHA256 | 5be680b9e2d5d549cbc5d533b33b8818a771968902d2c9d43f1161a845e847a1 |
| SHA512 | ca4550402e3edb4332f9c77430148ecbaf3915b04bdd7c742cf05799b386ac49818407523cbcfb2bb024ff711649c725bf633f5e466d34be207f6f8dcf4344dd |
C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\netfx_48mtpack.msi
| MD5 | 627196e57ce6398f411bb5a2f3cb16eb |
| SHA1 | fbd983afa48a7956b6176a021459cab679cb059a |
| SHA256 | 67865eed54de0733aa605eebb4e3a10c675b4dc9bc5b5641c6734d3c9ac761a3 |
| SHA512 | 28994ac1d3fb254aa79ea581039262299aceb3c62223d0a5f78b0694c8fbd74c05a4880a7795cd6be68e11b455f9342bcd9ae1bb4e82c21389834cfdb0438a61 |
C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\cabB71FE2B0D8117D89E552B3447A6D2058
| MD5 | bc1d0797bb085ce67818693d4ebb9bd4 |
| SHA1 | 6f515e68b5d1cff2e817ca303dcb088a449c4ce2 |
| SHA256 | a8ef3b350d0c379101b08ed48f9c3fc033d8d6cc27be52e3aba8ac0cd4444679 |
| SHA512 | f006bbe7cb933ce1ff88b9690618fa259006e7138bd7a341363d34046eb3c108c09372564e0f801985e1210ade7cf88efa90ef620529730a1c2c5ae113a86a7c |
C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\netfx_48mtpacklp.msi
| MD5 | 5bd90f0ba47cc8dd6a79ba27f5ca8c1e |
| SHA1 | 2742b75e703bcee7f982a77d14ae2adb8e73cb6d |
| SHA256 | 704df3f7317c52c028e2cf06fc6f8b1b306a27494f8aad513d8250fe835aaad8 |
| SHA512 | 9ef6d9b176a7d527b66ed89674151f1873dd3fb0a6f426246c3875a4ccf762eac52e2ef80573e91fb38bca9c9c55cd6de4cf42e5abd13c288603350e0dd6f36a |
C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\netfxsdk
| MD5 | 6c372859cd7f3815d0fe8b9b3b64ebcd |
| SHA1 | ed6fc350ea4580c74690ab5fa5c573811000422a |
| SHA256 | 61c76da293738f93fd0176837e5e70bf414903ecb527a7fc25fc7c862066f5bc |
| SHA512 | 252a0ec388c761848186aadce5eb25d79e273dd3bfe82fb35e5b068c5c02a71155236f24fe4f6cadf4ea70066b941ffcd90315cb36da9183bc8eba44b599c004 |
C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\cabD1E074B22EF2F28C6191A59D9CF2A472
| MD5 | e5539e2120a3c3ed69bb9541591ba6a0 |
| SHA1 | 0beae4dc94a19950c49e40f958bd4563da548cd2 |
| SHA256 | 131fa7cd8d661a151a13077a4bed21a4d187c5070b223c28fcf1a2bd1243d817 |
| SHA512 | 5483571270258ec0d6ad6afd878a3ca680a5a27db7804e138cd6c02556c4e1d38a7650e81412a0b4431c48069449f31b20091cacff53bcb55d99a0ef0fbfa8db |
C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\netfx48_bootstrapper2017.msi
| MD5 | 3cf1a83d85315e602958c635e31795c2 |
| SHA1 | edb04a07ca679bb5760b56a7d2e72093f2f417a9 |
| SHA256 | 66ec65382ffc519fafe2a733af5e8b51d8987cdde12889c05d6438b9c8eb586d |
| SHA512 | 7b9f327933138844a34e59cbb13c505d668cddf695084e460a07d300dccf31e1b80378a0399b739d2346fbaf4d90910f150d7fe87a5e2b3efdcd5c901b7ee21e |
C:\Windows\Temp\{61C9B9EC-F858-465B-BB83-A18B4E5706DE}\cab76FD31F69F3B3E0D4BDD223DDF5443A8
| MD5 | a7473d5e7524a8a12b28a4c9579e625d |
| SHA1 | f2e77c98c3fb08c2e57e2dd19fc38c4262b51a02 |
| SHA256 | 5fb68d7868c8baa2bfafc4b3112053e2e2308cc2bd53bd16647b690fff65ab2c |
| SHA512 | f0572ba179634493c409fb9ff23be4cd3af504bc42b75d7b8cc379507108f2a1a35ee7917838b1beb09db99f5f44cc72bfe25129c99c54ba3d4c7c69c5f0e5b1 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_Framework_4.8_Developer_Pack_20241117142456_000_netfx_48mtpack.msi.log
| MD5 | 2f8d63ae24a87da7fdc751b6d77167b2 |
| SHA1 | 996711fa012ce6ccd6b63b06f76be319fdc9ac61 |
| SHA256 | 5328994d2935bfdae27e12cc3d27d56c19458f36cad2908fc7858d2fe9a722d3 |
| SHA512 | 3fe37ac9be70bf094794dd8af80d9ed1772272c0c1bdb2b2f762f3f53796a974966efc68d9ffb5109bae018c3c433efd6dd760fe1d7aa6aa6a1b7ae4a093de71 |
C:\Config.Msi\e5b3018.rbs
| MD5 | ddcd8ce269e07f953df33b4e8b5e7f10 |
| SHA1 | eb39f6c4370441f8ecaf9c46c5d89708e380dfa4 |
| SHA256 | 0bccd20544c458e8ab347ada3f747d3ac53bee6eb138d6e53a34806e362a4e47 |
| SHA512 | a37a6e9576d5c4c7a2a6dcfa71fc10d5e457c28efd48f2ec238f68bd62da447c6b45d32e80905717645f9505d55ac6778d4991ee8723a32fe76e043fbf02037a |
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_Framework_4.8_Developer_Pack_20241117142456_001_netfx_48mtpacklp.msi.log
| MD5 | 0607930ed8ccea0c5eae53745daae038 |
| SHA1 | b260df0e5e6f795627324cf9cbf9feaa11653060 |
| SHA256 | 6925a5ee0345372fe5a1552c09ba380035aef6010a9264e0a32dd2145cf4243b |
| SHA512 | f3e0074300bb75b65e6eddd470304267c84ac6e76b24300e0d6b5d31a729fe28d9414d015406443b55e8f3040ff8696e71b8e330335de06bf56fbd968a0b4545 |
C:\Config.Msi\e5b301d.rbs
| MD5 | 62f33e8d554091e5bcb4b1f2aec7a8cb |
| SHA1 | c595d3c6e8eafbf18d6323619569a13889e510dd |
| SHA256 | 54931ae91b221347ff500d2af80ec29a25004162eb560a84671fff614204e905 |
| SHA512 | 7944e20dacb25ba199226451db2cbfd60ce35ba398fe4d960c8b7cf791960f3a22efd19cf65e86de27de02c4ebea787502ffa63a0ca93d15cdeb3d1a336fe485 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_Framework_4.8_Developer_Pack_20241117142456_002_netfxsdk.log
| MD5 | 9b27da5d462582af2d461a70475bc93b |
| SHA1 | 2c0ee3ce35e6d58c0efa9c84085705ab1699c715 |
| SHA256 | 06ab5ff9b9658d09e400be899447da1cdb157fe71b673c98ae567cec5c221aa9 |
| SHA512 | d8687dfc592965e80f5fbddbf6af7f783766d0be4305c2111012cf1ca910f9bebfdd027d5a24d48304af01d238aa065d6f4dad5fc7e46dab20220975b634244b |
C:\Windows\Installer\MSI41CB.tmp
| MD5 | 4e73a312f7f849278a5511d4ced5e641 |
| SHA1 | 1397d9d1db40d29e6d08fcc34cd213e88274a35b |
| SHA256 | a459c886f0bae7019994f73c11f4f308266b1f2954996c43938e24f6d4dd2dd7 |
| SHA512 | 4692b891f74de1d4929afea4169430940e34912b402df92c6d20299ae1cd6418b66d050e876fda30ae2ae451bac07451f26dfbf007b2311f8e6595202d214fb7 |
C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\x64\PEVerify.exe.config
| MD5 | 7033a6fa2f8a457716f6d642137cc7db |
| SHA1 | 7a2cb4bbf68074357e450d6cd6fa9e4fcaf0ed2a |
| SHA256 | d1e116f59c6cf832090da36f95725827a7f5edb3173cbce13ffedc4fb6b61d2e |
| SHA512 | 7b3f7532c57590f16bd79a37b66392aed73c1bb2ecb185273e229b32a722ca7a96051f419a42e1df1f28132190170625a09e5354a26773d2482fc749f15ca9da |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log
| MD5 | b4a15b755cef59e96ba1a32f7b9e6533 |
| SHA1 | 89ccb024e9705eea3d01bbce384bcafdbdf03d8f |
| SHA256 | ba5c11698390df5ab82e6c085990548ad75eb35bd6102f20f33f42236fa6ee92 |
| SHA512 | 76f3675c8cd8fea27dc1ce53dcdea0f33b144d41d4d21034dffeda4c6270ce57b728f03dd23e44ed393bcf7a65d7a9d0af6354a49f367915e11dbd3a00c0565c |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
| MD5 | a03b77a967693e3569808a00c77abd01 |
| SHA1 | 9e25caf21091f1eb3cdaf266773ebb675449ebd9 |
| SHA256 | e462a7f388bd2a8e0e16c507d7b8f11264743245213fa0a4f98bd0123ba3d5df |
| SHA512 | d328e10960f9c03e17915a152e090f4e8f42d48fcf9cf2129955eec8011ca62b252adf48b9effb362b2c4c4da8bd38b675883424f47f7f3348bf62381005215f |
C:\Config.Msi\e5b3022.rbs
| MD5 | c9dc97093b0544e1c6252d03f1935b53 |
| SHA1 | 49249c1d7fbe3072ef28d8ad7c21bf4e9d02d01c |
| SHA256 | 35d13f623b06f3483461fdfc1c7e40bd5f090dab5da6d45e59860fe0ed09e874 |
| SHA512 | 7d574a7b799b6409c69bff698cdbcf4f0a6ac6786beca5dd03355394e8a3f40ecbdcfc982389efd020881a1bab236626fa1baa493b6121c546a8d1532efcbc7f |
C:\Config.Msi\e5b3027.rbs
| MD5 | 21cd46cada64abd448dffddc4bd03cd4 |
| SHA1 | 55d8a401891aeb24e1e693523680b2401338cf76 |
| SHA256 | c23be044c1dc6a234244a9124ce2b54cf88314e933846ee84393f3f374247fc1 |
| SHA512 | f6cb7251ebff685cd766c720a166a64534b2133d6e33b24ba99fd6575fc8b40ddc532c218b2a97bc46d6bf2fd3f0ba9ce52f892154d30a10893370cc90c847dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\279e2cee-1132-49ed-8253-ef8f6ce367e2.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3848_557081031\00a176b5-ef58-4638-a5be-55577cb4f9c2.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3848_557081031\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | b71b4a8c1bec2ccd69dcd23bd3d1388c |
| SHA1 | f084eb7adf9f3de4d7c4ef4799b7e5c3e5a29ec1 |
| SHA256 | 35bae798702245fdf85755dc7a9f7033db09a1f88aee41e55a69d8ced126b5a6 |
| SHA512 | a8398dd73b502cec92e00de49ae434701f29f1a26332e832072748b8ceba413f509f18ade85c59e60ba140903f3740bd95d460501c426c2e69101ae698c7ba35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6cef50eee71baf27849271443bb5f428 |
| SHA1 | df49a215d05fb536e167e9348794c30f52cb19fe |
| SHA256 | e3d57215356c47b725cb4112c67be9affa494f7a9fe4cf4db601f3f64dcc4b22 |
| SHA512 | 70f79262c5e5ca54851a18e45d3c8442870a5705c6b3664a4c9bc3994d374928a7b424af43ddae64e1da0bc32f5ac0c1bbe3eb05eb9f4a886420ea47eb4a211c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cee8bc9cef6545db43d499d74d09f666 |
| SHA1 | 222cc7c9c1b5ff8eae134499580abc433c3b8345 |
| SHA256 | 91ab89e0b6a2843c6dcccfe0eb3670349d45194be855d87cfa1b179ea2c35b58 |
| SHA512 | 5381bc121201341eb571c1dde9e126f1a4a13f7e89afcb107c6ed3f1788243491d554ac0beeb877e47e79797706aeb7e2cc10d6728e4dc040a205760c803fbe6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 16098fd8fd875cef228d48a90ae7636f |
| SHA1 | f0e87bbbabd2928514c0e525a6bfd5fbf6289986 |
| SHA256 | fd897e168107160e2977a618797da472c4cb43016c713bad357df63dfbaac952 |
| SHA512 | a9f6efa1e6518b6215ce366236a0bc6286c7d14a945ce98c673248dc212e03cff16d054d0ffa01e78880b4d5085a95e1bcc74fec1f3679662b80dbc6d7e8c53f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | dedeb731f9706cf76c19e1fe7c0134d3 |
| SHA1 | adb9a884a7cf004868d2cfdba4a7dc1d15922c1a |
| SHA256 | 9ffc874f98cf39a52c9771fed1cfa12b08dc93cfbd753a5279fbeb7fb2070315 |
| SHA512 | 26aa2e08af91183af2fa9887392534bcc8fbc86800e5dc7a0679d9497f46cc679b2a90d3cbbf804eefcf78ca789bd14239341952646398f1ec9d0185136c6de6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3c846e5bc2bc066528f01570063789a8 |
| SHA1 | a7cf56d44642f349a872dea2cf1e8b05520b42d1 |
| SHA256 | 50ef3610b6017b80c1b3163bd8e4b1c329e2e9f54a6750ed406f7c945c855335 |
| SHA512 | e7bfa7e7d53444c79db0274858da7c861746f00be0688aaa8e389493e81462c8a7441c5d831cdd12e7ac75b1921b80b81428f4a82c7a4d4295fcad95b9dc7af7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c260a130ef88a78d53ca282d172ea009 |
| SHA1 | bb67a17c21c6c08b9c83b7cd6606a1d931c10291 |
| SHA256 | 42f941b31a243b00aba603fa20c32d636306628bde2fb187ffd7ec1cd92dd6bc |
| SHA512 | 63d0199f12940f6b0bebcefdca1a6a54ea4e2daa054e41c1b80bfffc13c805daf5cab2ace3cd1fb66b73a2986b9bb4de5e0bd972cc5fd43f8026b6ae17eb40fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | a0becc5b05cbab1e4b1a4c493df8c305 |
| SHA1 | 7d3e8cbcf390480e27d36ee0fa95456409a67bc1 |
| SHA256 | dd3dfacc9ec808671396bba0ff26caee8813237113c183aad0357c1487d81b6b |
| SHA512 | b8c90e5c9b3f1a5c648e1f9e5c314af2c03720a93f1ba9b28b86294a1eba2fcf90163b61e5b47baf074aaf1ec8927c3e7b6ecd6a02aa0cc55a8eedf19e4e4dd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 490d4a0e2a88807dac87cb23607eddec |
| SHA1 | 8b0eb7153bc20850573148b489bb5c262d6bb4fc |
| SHA256 | 2840354b0a89b90872e8eb306483fdf28c01a20f6d3d25728da79fbbc0a4d7cb |
| SHA512 | 3cbab132a6679719e50cec36cdaa0dc65aaa88d3d8e192ae1179f4f0a7f1fb55001d864a459c050f5efda2be733d786f532b574a4fdfc7a2d6513aa781b1a8bf |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d6fe01e4c17f8c679f4f327f5ef1b0c4 |
| SHA1 | 276576fe11fe6a36c391c60197a93e2405aed919 |
| SHA256 | 2cfa5ea9d957a0454e2e0a05fb3a18266b10c5153656633fed989b1e79da8365 |
| SHA512 | 77feed5c16f661d448bed80d2638e60233bc1790e2eb319b3d5435f9ee4f4055869a7a60dffd43db2f113471693a3636d21bec3e0fa9589eea7ca132a7c4055e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
| MD5 | 9196e81f8ed7f223d765423c1f9bc8a7 |
| SHA1 | 88f9d5c2a6908cf36b8daae803578ca9e1fd2929 |
| SHA256 | a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe |
| SHA512 | e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
| MD5 | 2688aaa1dc30a3443123bdf980a35ac4 |
| SHA1 | 379b28a92cce713f07de8d149e8646cc5ac1a968 |
| SHA256 | c41d9474ca4e9fe7a3d35e95894f6d42b91e2404fa7ce5eb685d61aab514614a |
| SHA512 | 1fe884aff279d52d875fa0aed31f141aa27e18c3a6ade2da3f8d017e0fb621d1eaa5ae15da86bd7974f7c9e6a004a33f46fef4b9178f39fea13288ab64ac8346 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
| MD5 | 5ad67628093b90d7b09f19fea57ebe1d |
| SHA1 | c983290e8692fe0d4a5a6f7354c27ad4c61a0221 |
| SHA256 | 4c79b51c58fa56da28c18b94f01cd86596fcceeabe3f7e624cfd355bb966b63c |
| SHA512 | 77831e58cad399009e784dca517836ed2a27237890f5ab63dda6409b528952313c33f76b689076162f239d3de2da1aa96d369c19a3a328da431ce712642574b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | adcc8ce3994778854acd29b0c74ad2db |
| SHA1 | 2fd581cbf3c0db780f59c0b38b05ad53980a9d3d |
| SHA256 | 2f25d790d7b18a1d68ca829825ee5a9068c8551a16e204dbcdce8fac81939d00 |
| SHA512 | 03c00656e9420f6bcce052dee809ce1e3756c597bf7f67a50a6c1b75220df6434717cebb4d42bf8f70637a4eaf04a67525a02110545114ee1cfa6dde80106844 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 93ca30deeba1d2c6690574d46e2c91c8 |
| SHA1 | e22a4b4c5e1dcdae790d24ddcf6b47820f557e68 |
| SHA256 | d470165ca0dc9d7e50d336d51c2083d95ec362a6dff290dd3f93befdffab8f8d |
| SHA512 | 391c84c324274e5df25a2a136c9bf12f91a4f791600f873625236fc1326942ff94aa62032d0a39e32c3c46fe3f9b917a3d6ccb39399cc31fca06bbf187e011e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 43a1cae2c6f6a989996fd85b3576c3df |
| SHA1 | 75adb94e2be04c2a8dcc334deeacd009a584d494 |
| SHA256 | 6868d4bf1dfd64c3a311972574d35e585cd13d09497826bc866f271f4ebeb2c4 |
| SHA512 | a60e4b860b0da9a4524c80a065377a4d5a4b0200f272ba9a3559703b8f64c90f85a298986a1bae0c89fda7d1f0e002af713bb45975044fc645d013fc47cda8e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
| MD5 | 5aaa8c37cd59979b920cd21c4a50a38d |
| SHA1 | 0ee61e3b2d58513b92cf4c6b5114c1beb55539e7 |
| SHA256 | db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6 |
| SHA512 | 0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 13bff820b44e9cb4eabc1914cd3e8162 |
| SHA1 | 72588fc13c8cc8c09ecbfe9f071c85264c64f32d |
| SHA256 | 2da28f517d9f45700152ae12a3e2de7535d386df976610780d3233c70a2e0d05 |
| SHA512 | c90a3bb3643b3375813ea799de8a698468a915f4f842cb2f3dcbfcc4ef5dbf7b2ed878b1a4c5273f4da3f310fa2a2b7118beb6d4ad1366a97a53d64cb81c92c5 |
C:\Users\Admin\Downloads\Unconfirmed 311117.crdownload
| MD5 | b3844d880d71de6d787190d2e378101b |
| SHA1 | 0e1ec7c7e9e2c7678db5548de80fc5c57f97dde2 |
| SHA256 | 151b1c11f625e7122d517b6a1778841df8ff168d931c41730f59b9e4b8bcbe36 |
| SHA512 | 99b1d7f9264e7d5aea7b01b69ef541065030055a37cfd76f9846b3cc84fd6f2bab612042d68ddf992bda41553c493fb45830699ba5f56ab0aee200cc539cc5d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3d9e16965fda433b0e2512e450d588e8 |
| SHA1 | ca86abb5dd440e778622e61f90c509e92874699b |
| SHA256 | a180d02a54da36303f1dfea6ec6a723204bc2b4f92f5bb17e5843c788ddedc90 |
| SHA512 | 6fde0fe474da56f7b243d8d67f05eb0bf2ae516e9b6e0bf0a496af0060f75ea94480ff806f41681d1d23d1a14a3ad2360f03da1554d0f2ed49041728cb1687eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9211f0c6146a340a1b9f71d8bd802333 |
| SHA1 | 8eaffd4edc20f480ca35b862b3f6cb59fbbcf4d0 |
| SHA256 | fcfd49d4cbef66c79d6ef180c8634223a5ca5aa425d604ae3a124e9d86e6aedd |
| SHA512 | b5bf33cb6958dad59577b056a192ebce7903c9d8446b718d3bb56e51715f49dbcdfd707193a53ff8a5073695467f2f020cc1843c0b6f2d8709acc7c69d742ab8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9f0807009817fcbdc250b8b7b56d5080 |
| SHA1 | 65532815231f2e6fc80606cc920d75461a0cd8b6 |
| SHA256 | 1e88fc7e894699e0b3fde977922d98ff3ec06f4c1b24b1d16f1e3a9d7e9a2470 |
| SHA512 | bdd7c18ff8c4e6c1e952fb3c222cfc140d55d74c536b8b74428585c090c2b6cc9018da6acd05de9d1f2ebaf151e7765d11eb6077d01d183a0ca30e5100b0b85d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9a131d266aed1a48ead6acc39a6b3f57 |
| SHA1 | b5908bf887e20b4b1b6612a45bbca84ac7308a15 |
| SHA256 | c1238ec5339f0da3b340ef4e94b1061ea9578f42c23834bde6125b91e54b4b3f |
| SHA512 | 1c558b347ce059eae287acad211982213401db05b7b075e89e78519813df08fb5dccf48aa430967ceb3db12832e4ef0e0c54d7d00b045cd01a73b3f61c28e360 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 056ab58fc54ce7b1018654d057e8f046 |
| SHA1 | d55fb6c1edcc5dac87c090a6fed9b98dda5e1731 |
| SHA256 | 664ae5a9622f2d118bfab62497e123c1baace43912ed047c0232a4db1c18e803 |
| SHA512 | 2b965624df0c242d9cb3110084ba17ecaaaa4ff55c68f74cddfcdb375d0a032264b5a6e15f3770e147bb86bfe04d8c809fb8bac8ca068fbc6c112c6c376622e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a952b67001f0c7dd972bd90a25f6ea26 |
| SHA1 | 9be68a3703235f5cbcbb298e41ea17af6b11d4b6 |
| SHA256 | e6980d3b5a564e253f6913527b3fdd83dc4005645ce888e04cd5a4cbb5379713 |
| SHA512 | 96a6ca67e36eabf1f3bb3b1cb1687f678a40b785c6139a5f70a326204b870f943bca233efd98d90fdc1025ae35e89a1e1da45b0f8ebb71ad47a59cb294506f31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8d223a11a17e61eef6f85d094e50aed0 |
| SHA1 | 3fac4f36b841d482ed282b9daa52a48d8e85c357 |
| SHA256 | 062b8994ec3213fd2c544ed33b5099863042f9218a980e6688665c44daeb7f12 |
| SHA512 | c1985b43dd0758d5c25e47f23d33df88635657c0735fa9fcdc00e80c04f0c3d1e6654d0f85a114805a3659cb8cddb282338f2f76941c1696039c7af4f094ad7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0a3c19c8a6eed137b1a83317d775fb69 |
| SHA1 | 243cce87f17374ad99b3c2e634ad4d5dfb701af0 |
| SHA256 | e95b6c33d91d5f708ae4d133fc8f06a880f45416d2d557bc1b1dd0fd914facf2 |
| SHA512 | 8c1bb45dfeda201b8c2555916f2f9711d3e6be8f310b71cd7b2514afed9733e9d6b23786f4fe959027a16522d8b1f7e611f9be72e1418fdf097610ef5ab52326 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f83baf8ce9a5e84e1fcf0d1756c206cd |
| SHA1 | 17b82490c0c252b9552c7964efccc3357329aa4c |
| SHA256 | 9f78d0ec56ba049b1f025a2f5f1280fa79b0ff5d9c29ad5fcc4e5a426059135a |
| SHA512 | 03d4294cf79c58ec5fbb84084cc93f4c11eb71e72eec647d5dd6dd566f268f7041166816edaa4b0ad5945702589a6eadc969ef22fc1f8c3949f8493a8d72f22f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1
| MD5 | 888d4c55cfbd8b2a3e98614cc0d79236 |
| SHA1 | a30ae535d82c78beaccbb626788daafa4f46e754 |
| SHA256 | cfa46d2a1ee9c607086850f4d8fbe37a9df8ec9716ed5933d1d37dd4a5dd118e |
| SHA512 | 226968ab1903c663a5dee14d975effd4fb058c0a699e3ae8a5dae180acb2a6cf997c4c0a823c8cc4f3e49459a2bf59a2b30546ecbec1fa70421425a0f74916fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 071939e7df8e6394dd92c773ebd10792 |
| SHA1 | 55e3eb70e9ee76c7e3741a5800b027d143adef84 |
| SHA256 | 89aad323ead59ffb39b295fa1af03f73d872359bfdd0059544be654e8cb8c49d |
| SHA512 | 1953b401de4d9e4962e804390bf34d9b655e753b415879bfbc7ba8e8f7dad3ae99c20295ebdd9e5eac2340963b6b8fcd54063edc7b97adc1d952385677295006 |
F:\9ce405a5eb6953b779bc196566\1033\eula.rtf
| MD5 | 47c47a12e6830b793150494d35d51637 |
| SHA1 | 87a11fece572f2a57982270533d6906daf7da218 |
| SHA256 | 4399b24e28becfb3bb2820daa09965860001492145fd7e2466da7b740c31855d |
| SHA512 | 1b85ff8f11afafaa7368e744d281d964313eb342d294cbbe0e1c5fab3c5e817ca2b58bbcd7fc87a556f7575fd8e9d7404eb0a4f8e045e4c446ba83398eab3127 |
C:\Users\Admin\AppData\Local\Temp\HFI658.tmp.html
| MD5 | 475958008713e900d6f3bf24d78c3e6b |
| SHA1 | 4f3ed036c28ee99fb604cd1136aa1029e89c0ee8 |
| SHA256 | eeb5cb4c913e76a6ed2b7ddabee4daa35ca2df2e717255f4e9607e567ecd70a4 |
| SHA512 | acf48503f9f41a40d95823859147d4044e89b7049c6388733e1ce7db720b8517744c507ab84d6bdfa811f92e34a0b0a49dd1764f598ae2df1f180d4ed27dff77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 09490bf382ebeecf0d913f6d03fa417a |
| SHA1 | b8a6ad6520c0c0f43148f81bc5ccc14f98cbaafd |
| SHA256 | 23accca3b6682e404e8e70c858ff386de686fd02172622648119256afd9ba68c |
| SHA512 | 61541798d8e2a1ad041b26202e59190c677faed7ac80d90b6b6885e1c5d89c17f10df29ee89b172050136197ad859071d139cfda76a7a243bb918053332f000c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1c0b1edab77e28d0ba69e6891516d849 |
| SHA1 | a1a8a9c57d6fdc4f8126098a0a7e83df88467fed |
| SHA256 | 4c0ae83738a8369347066b7257751dc3cc7e9384d306e124165eaf26edb0d966 |
| SHA512 | f7f3e988df2743cef07f21ecd1ecf5001315e6071f2b8534e89569e172ca569e821ae73275509b5e0cd49bce77fcd15f5e1fcbd94bdc4d2e48466ad1771eddc0 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 1e7dd00b69af4d51fb747a9f42c6cffa |
| SHA1 | 496cdb3187d75b73c0cd72c69cd8d42d3b97bca2 |
| SHA256 | bc7aec43a9afb0d07ef7e3b84b5d23a907b6baff367ecd4235a15432748f1771 |
| SHA512 | d5227d3df5513d7d0d7fb196eef014e54094c5ed8c5d31207b319e12480433f1424d49df759a7a2aefc6a69cef6bf2a0cc45d05660e618dc2ec9a2b082b7b5f7 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | b5ec1c651d538125bbad8ae7b5878883 |
| SHA1 | fc51a9862cd962c1dcf92da77deca73aa79f0c04 |
| SHA256 | 7e4836c483ec272727cb1e69f6d1769be0f8ea3783dab5fc6846bea18f8c5114 |
| SHA512 | ce915256b7339ce5ae8c12864b66f8c83c4ef31185e46d5877776a4fb21ae18a58c742af77312d54ca77f42d33c63e9b6ff868c078d11d423dac4b72cb599f2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6d72eb26674f94b75331444c4eadfd62 |
| SHA1 | 77b8b089c347ed4e09eaa19d803bd866d860c381 |
| SHA256 | 40d8b756bce9631cc23e72df9055ee26e446f19a67d675a433b835bbfa47a7a3 |
| SHA512 | 97cbcf59706e6a7ab98c37efb569a44a7bd571da004aca336d85aa657768c3f5d0f463b14d7b04031234aec258cd5eeaf97d194e06e93855d4ceb6ab8e26da9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e0d2f627696b6d9aea53b7bdbd8fb2b5 |
| SHA1 | ccb605886f6c1a94f7ae019e8cd9142c3c866d41 |
| SHA256 | a85050db8758acd07b04af81454c98bf9fa49b4aa93cfc0e094f8e3b9632fd93 |
| SHA512 | e8481d5142c2ddb0893f056eba14adfec90b3d563f30a9493c99dd104dcdb5688eae92117609bd26d5df4c3f6e73b2653ea7f4c346203f98d555a8fd390abcda |
memory/5816-2951-0x00000160DD060000-0x00000160DD160000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c4fa04afa081b225c951e994fda8b84d |
| SHA1 | 3b50789dcf491c81a2382730bb83fdc879fc9508 |
| SHA256 | 33f83589309d81e250c989e13b0661300ff59b0946e56000ba121352b0826b7d |
| SHA512 | f8f2cbabc8903e4fe36f58cb0f01071c209b357cb4ff86ce67e98053e1de074d6abd96a588dccdcb4137812853efe20191582d72fb1aa197f88b6564eab88679 |
memory/3080-2981-0x000002246FA80000-0x000002246FB80000-memory.dmp
memory/1360-2983-0x000001C376E50000-0x000001C376F50000-memory.dmp
memory/4808-2987-0x000001AFDFA50000-0x000001AFDFB50000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 48f12cb0d85cf2f9a5379dac2f931600 |
| SHA1 | 686ca714ca74c89f00cb95acca056c057d09c886 |
| SHA256 | 66544b2f89f7f24860b6c0f3fbdc399b64bc8bc9ed4b56d238442e6fab7d2b76 |
| SHA512 | 4532399826f2a6908bdf36b90550ecc8677b48b4416a29e007789abac341578553a1821218ce92eacd36ad03c1dd5cbb2db397f85096364b77124dd96138506a |
memory/5248-3008-0x000002019C350000-0x000002019C450000-memory.dmp