Malware Analysis Report

2024-11-30 20:53

Sample ID: 241118-xsap4asqcz
Target: https://github.com/Da2dalus/The-MALWARE-Repo
Tags: gandcrab infinitylock backdoor bootkit credential_access discovery persistence ransomware spyware stealer
Score: 10/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK
  - Enterprise Matrix V15
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Known bad.

Malicious Activity Summary

gandcrab infinitylock backdoor bootkit credential_access discovery persistence ransomware spyware stealer

Gandcrab family

Infinitylock family

Gandcrab

InfinityLock Ransomware

Renames multiple (278) files with added filename extension

Downloads MZ/PE file

Credentials from Password Stores: Windows Credential Manager

Checks computer location settings

Reads user/profile data of web browsers

Drops startup file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Enumerates connected drives

Sets desktop wallpaper using registry

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Delays execution with timeout.exe

Uses Volume Shadow Copy WMI provider

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-18 19:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-18 19:06
Reported: 2024-11-18 19:24
Platform: win10ltsc2021-20241023-en
Max time kernel: 146s
Max time network: 184s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

Signatures

Gandcrab

ransomware backdoor gandcrab

Gandcrab family

gandcrab

InfinityLock Ransomware

ransomware infinitylock

Infinitylock family

infinitylock

Renames multiple (278) files with added filename extension

ransomware

Downloads MZ/PE file

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\GandCrab.exe | N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description | Indicator | Process | Target
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\FUFUWXINHI-MANUAL.txt | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\fc6e5013fc6e57f361a.lock | C:\Users\Admin\Downloads\GandCrab.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\A: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\B: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\E: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\G: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\H: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\I: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\J: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\K: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\L: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\M: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\N: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\O: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\P: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\Q: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\R: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\S: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\T: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\U: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\V: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\W: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\X: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\Y: | C:\Users\Admin\Downloads\GandCrab.exe | N/A
File opened (read-only) | \??\Z: | C:\Users\Admin\Downloads\GandCrab.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A

Writes to the Master Boot Record (MBR)

bootkit persistence

Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\Petya.A.exe | N/A

Sets desktop wallpaper using registry

ransomware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\bxmeoengtf.bmp" | C:\Users\Admin\Downloads\GandCrab.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_mi.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\MSFT_PackageManagement.strings.psd1.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdate.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_iw.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_sk.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\msdatasrc.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Windows Media Player\mpvis.DLL.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\Microsoft.PowerShell.PackageManagement.resources.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_fi.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_mr.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_hu.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\Install\{86B76583-B1CF-4442-8917-21F298854299}\chrome_installer.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_lt.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_ur.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\System\wab32.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_am.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateOnDemand.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_bn-IN.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\MSFT_PackageManagement.schema.mfl.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_ar.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_fa.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_hi.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_te.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Windows Mail\wab.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Windows Defender\EppManifest.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_pt-BR.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_cy.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_ne.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\Microsoft.PowerShell.PackageManagement.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_fil.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_te.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\Microsoft.PackageManagement.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\PackageManagementDscUtilities.psm1.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\ja\Microsoft.PackageManagement.resources.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241118190647.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateSetup.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_bg.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\MSFT_PackageManagementSource.psm1.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\PSGet.Resource.psd1.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\it-IT\PSGet.Resource.psd1.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\GandCrab.exe

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\GandCrab.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Petya.A.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\GandCrab.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Downloads\GandCrab.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\GandCrab.exe | N/A

Delays execution with timeout.exe

evasion

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\GandCrab.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\Petya.A.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Petya.A.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3132 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3132 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbb8ea46f8,0x7ffbb8ea4708,0x7ffbb8ea4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff61c965460,0x7ff61c965470,0x7ff61c965480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6560 /prefetch:8

C:\Users\Admin\Downloads\GandCrab.exe

"C:\Users\Admin\Downloads\GandCrab.exe"

C:\Users\Admin\Downloads\GandCrab.exe

"C:\Users\Admin\Downloads\GandCrab.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c timeout -c 5 & del "C:\Users\Admin\Downloads\GandCrab.exe" /f /q

C:\Windows\SysWOW64\timeout.exe

timeout -c 5

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all /quiet

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 860 -ip 860

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6692 /prefetch:8

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3408 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,11795228754995208219,1039175039018653479,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6852 /prefetch:8

C:\Users\Admin\Downloads\Petya.A.exe

"C:\Users\Admin\Downloads\Petya.A.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 13.87.96.169:443 data-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 data-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 www.kakaocorp.link udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 arizonacode.bplaced.net udp
DE 162.55.0.137:80 arizonacode.bplaced.net tcp
DE 162.55.0.137:80 arizonacode.bplaced.net tcp
DE 162.55.0.137:80 arizonacode.bplaced.net tcp
DE 162.55.0.137:80 arizonacode.bplaced.net tcp
DE 162.55.0.137:80 arizonacode.bplaced.net tcp
DE 162.55.0.137:80 arizonacode.bplaced.net tcp
DE 162.55.0.137:80 arizonacode.bplaced.net tcp
DE 162.55.0.137:80 arizonacode.bplaced.net tcp
US 8.8.8.8:53 137.0.55.162.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f5391bd7b113cd90892553d8e903382f
SHA1 2a164e328c5ce2fc41f3225c65ec7e88c8be68a5
SHA256 fd9710650fc6774ce452b01fb37799cd64d3cdc282ac693e918e38322349fe79
SHA512 41957bea3e09c2f69487592df334edc6e3e6de3ab71beb64d9b6d9ce015e02a801b4215344d5d99765abe8ab2396394ac4664fced9f871204453a79463cc7825

\??\pipe\LOCAL\crashpad_3132_LMOKCHHULISOPCAI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2905b2a304443857a2afa4fc0b12fa24
SHA1 6266f131d70f5555e996420f20fa99c425074ec3
SHA256 5298bdb27d48c2c2b5e67bdd435445ef5b06d9b36c11394705b413ff3d0f51f3
SHA512 df85de0c817350d8ca3346def1db8653aaee51705822b4c4484c97e7d31282a2936fa516d68c298dcbbb293b044aa7101b3de0c7852c26e98ac6c91415162b53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f61dc3a856af7a07e9ff3a1fb8b274ea
SHA1 9f119b6f2a96f9c7dcfd83f8fb4529bb4020ec9c
SHA256 39116fe93e4cde13604bde2d802ded65a91ad2a01a686fd6e89a67b14cdf24ec
SHA512 6ba1916d417220f3ed5d71275dadbacdd39fda4ec0b86bcac73496d51a84476c25ac8614456e18f88cde85aa2843a35316025e5be6749e6e7bc9012b78d07b5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 7ad9709100fb43b77314ee7765b27828
SHA1 5cd0c406c08c9c1073b0c08169ccaffbd4ef6b98
SHA256 04b61824ffce6fdbae4e6a527ae58b85813226ee28fe4d631feb76b5f936a1a9
SHA512 fc55ee34b1107e298f2cfcb20dce42b5dbc98a7b68e72ed80a6ea594f66dff6f9e9cb70ad5ccbf5ad2171275f375abac1defd8dad4118afa280cd9c1d9f6a538

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 85ad60dbc791ef85461812968d8e70ec
SHA1 b597371a39fc93703da0fb6227d4d23a2380ae95
SHA256 362d20bcc3e9fadfb6bfa47bce5b54f2ec44de19df7122f30b5ca5eb6e92c7a6
SHA512 730b8768052555ef10e6cf57599ea8c453445a6ad9ca1681e81fba722fc804a81547146afbf37c56432aa13c86b0486a3bdd5d2f0006c6ec7194fee237408e49

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 2c699dececfbd3e8bb9633cac722a430
SHA1 14352f8c833de8cab92f7d2750e733219a1424ad
SHA256 9688924f5f25c033d0260f0a7b120c0d3133b23c3a5edeb66604d04901c5a797
SHA512 fad0a60e13ef988daa092aec3341905bc8bfafd6090ad3552acdf36c8bd95f128a399631a14e82c4a308affe55a24d0b36ff1837615071ea99655dba24ff9bb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7946aa6227870fbfacd5fe7b77710747
SHA1 04c347ec4e049569401b8e9ed1681042e79374bd
SHA256 5dec39f8652c0db5e4e16a53130b0cd0ddd0121b8d5af373dbb0be08679e5374
SHA512 f8607665d720a3295ce5a96517da6165374194d4e6539662cb91c0f068e38d53c3cdbb083e515b69b3ed78652b100cb4a386dc5d842a08aeb3ea7661e8a30c45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7146cec2059789e4d812e9b304f72fa5
SHA1 d67a284bdba8c66d50bd14a73c88b4a6632d839c
SHA256 3f2cd67cc7cb8597438e20b8211a0a7d6bbd6ea0dce55e983508b2a9a1bdbf4a
SHA512 42e8b168af90f97dd9e5219e7d27c116017ea0cb60bd90d0b9c4e0ac7b36cfebc84021a3d5b961faf71c0dd30dd90e3308d2bee0c72812c72f4a88c9db278ae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e122fc93c0ad25d45d09ba51a3e86421
SHA1 bb52a7be91075de9d85f4a4d7baeecc3167c871b
SHA256 a277c1c6fafd7a44b47d94e4bc3c0337a64a34d252e58722855aab09e6f52bee
SHA512 12787aebefd6a5e4584ec8747a78538f948a16b214bdf81302036ae89e2c4563027847236a4770c4f780a9ca0ed03f29b1577bfb6f11feffad85b7a625324bf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3ad18bc751c58fbaf231f6a2ca39a002
SHA1 2fe176a9db8e68a0b840aaba8436e1a0eda68860
SHA256 14e999c96462c7e0f4c2d12a4832700f77ae1f9b16988f5a6b39a32b2b42e625
SHA512 2c960aa1b240af9b7d278a252267f5e53d33eac04fa983548779659d0ab55533428b08f8b2d19d726946d9d171ada6c2d6b346e8d8b279d3fc6c44bbcfedc670

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58172d.TMP

MD5 ba3cf729da9883cbf464d9ea7ed5b33d
SHA1 0bb72e6c6dcc9dc4025798d318a0394e84c3ebfe
SHA256 b8a2b36614c1066b5f74bbef0d126bb676e319c381a4a5f0ccee1aef2f4e9729
SHA512 11608bef757cf6e4f8f189f7d1772ab63ae3c422df20aa282fac7c2e468b4d4a2783c5b0e76dbd3255dfe0e5fbd000a702f051e3e5c095598879a547d0f72281

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4304c1b7793ff091d77d890f176bbce2
SHA1 aaf6386c17ddac9317c9e0b876a8c117ba673f56
SHA256 dedbc1bdb46e48203103a78a4f0477e8b0fe93772000b8704e7918bee4ddb36f
SHA512 0878191aba9c5a0e8e1cb12856349b85e386daf48800b6ef701e3640103fa07d95b66e9e7c82a437b5a0f2c8ecd389acf06656c913a4cdc63ac6f5554d47af11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1c369e04980f3d24a29f786f9469ba0c
SHA1 e3a8d6996fb8d3ecf1ff3837e9789d269fff6700
SHA256 de22611ff3e88aa0ecb2538ac7ec0c5a6f5451988f9575b532947295bd54af46
SHA512 b61950454208ec6a6bace5fb4660bbea458e722d4fcfc7c5db238c6a6095fa343c463dc1afef743612bb0d85271c0e611c5850a73c8693c5d2ce716247f37fe3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c47339631f494722b8389b8e5603ae16
SHA1 f7897ae0c9bac13d46d9a08f7f4931379555d089
SHA256 a062c2a463f09d09ed27428e35a5298a107f5eed89b4c0e2a6d0192e6afd99c5
SHA512 79d732971a7eec03ea19439cc1f59f84c50875df534f31d35b85f8b1f73c1a5ccd979de16633671c19ae2175ab41ecb71ca318fff105b64c1d4de7998b6db34c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e754f16cc7103908807fcd4c359b536d
SHA1 3f7b101e415eeb758ec4dc9753934bcfe13a3aad
SHA256 5d314c0843d5ffe2a13fbe558be46f28bd6c7450eed236df23c343ca3240e2be
SHA512 4a466aceb43030d556b1e46fe2059b84a656df764fee686bd4f69db442194afa2acdb0b09897770d3994d98ef12d6965a88af5d19beabe3da000daa7e0c4b0ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9b5fda22c6d75bc52cfa0b8a62e689d7
SHA1 bac7b579c9e0f390293d7eb9d45a583f6d91d5c0
SHA256 5855e8151f2d07b9ee2a90ddf03975ce53fd47acdca77f7e17d7b392f8c23609
SHA512 c4693127bc6debad2df5c4f7af4120adab8fbd43ed45b2fe5acb28ee73e96fa8573962723d90aeae52624206016ba45bd02d699f3daedf1d9f9778cc3294df0e

C:\Users\Admin\Downloads\Unconfirmed 314750.crdownload

MD5 e6b43b1028b6000009253344632e69c4
SHA1 e536b70e3ffe309f7ae59918da471d7bf4cadd1c
SHA256 bfb9db791b8250ffa8ebc48295c5dbbca757a5ed3bbb01de12a871b5cd9afd5a
SHA512 07da214314673407a7d3978ee6e1d20bf1e02f135bf557e86b50489ecc146014f2534515c1b613dba96e65489d8c82caaa8ed2e647684d61e5e86bd3e8251adf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 30d895b7a57d35702da1ecb8d772a3ca
SHA1 da300d1e38e3608973f1644fd1c78e6fa925c7b2
SHA256 6e11ff5771975b108b0728dc77d32bf0c49136c0437b7fc53efb9d2d2198047e
SHA512 80f5e63261718ed22469fca37e9ce472639b08e35df3dd6829dc8b60e4d5cdd340f592ccc9df15dab44a803180cc1141c0682abbcf7bddd2e029b68b17fcab82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e2f49e6f5edbe493bfe86b7137eeda9
SHA1 ffcc6d7e7052171983864ff216ef2f4513f9cab6
SHA256 e14920cfd09e66d658f4baf0a5fb45a441279655836bddab252c09402f80f87b
SHA512 2a24ca8238316f70c8a713edcee337ce99ee9672c0d905fa5ba9ba1d582bb3c451d57c9cb99d6b403cf28c76371f0efce72e015f9abadb9f476582e896fc2afa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58b244.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1154b2f-4c83-4580-b937-3a868be2ac98.tmp

MD5 b979d366d6b0f26c47a9af9a198ed10b
SHA1 06bf43ec16a8176a1996508956961888faa7b983
SHA256 499a919236919b8c0684d608e12e3dd3ad2a23af1e81970bc8a0ea3015dca196
SHA512 ae0b999fc4b4fe24e0d40bd3eaca1107eaa3ce1eb6ad1f3d4b46479966448d1b3f80b5c9acb43afea21c744dd14922b68cfa04855521fed56e12ace25d78b1b3

C:\$Recycle.Bin\FUFUWXINHI-MANUAL.txt

MD5 1b997c0f434792f17bb84c22c3cee5d7
SHA1 1a3a8c47a05642382d65ecde661bd81006487f3f
SHA256 a71bf2962aa8297da4b9fd0806081d8f0aaf9bb0fc6279594ae0a794bb69cccd
SHA512 fde29979287090c7e198a9de08c52c6312ee15fa1398cfd5f1f597362ba89ed751ab7a4d44cf388b8270371a5c2836854e97bbb1689993ee9f9ca7afc9d87d20

memory/2300-729-0x0000000000400000-0x00000000052B3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f2162f16683236f65cb08b35247ddd2a
SHA1 16a7b5a109a86976fde4c0675857e45a5ec54512
SHA256 e290f93db7ca86e90c8e617b7094c3628215dc8880f89f32e913861ca9a15655
SHA512 12487009ebfa4c9223b8b73707b2e524b88e0e4a77c4d8c9abf6cb63f85059bb6a25c86b76b063554f8e5d2cc861606a27fdc613e8e46e6893cb11bcdd2b2372

memory/860-1219-0x0000000000400000-0x00000000052B3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dec6058b1d6340ff7b10aca9a3bd76e6
SHA1 12171afc29302bf55b5dfa80a817adecbfa75615
SHA256 8b9099bcd5cea8d5943e51593dbfef2a677d9ebaa65a488d099a1158df05a600
SHA512 9601342f3884a6ab6a25763424890dbea890d0c6f277cf6e06cdf88b63f663b80a1637f3ac053deda398758e7ca12c2dfd0268fa80125478abe00c32d1a32dcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c11f32a7cf0d3aad9472438fed3b843
SHA1 a0a756823a57f76be695946f70570a792a1d3259
SHA256 781d35f8ecbdbe498887135d8cffec7bb7dfaaf1e327008ef2aad0a30f7467b6
SHA512 6338dd5b58943a31e73ea82d4d994c5f490c4e0c7df4008579b79af3bcb0d62d739719952870fbecf562400ad49caf56f696d23ee677ab5d5b9d81a4cb35c66b

memory/860-1239-0x0000000000400000-0x00000000052B3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84f0ab5e2e29f710d94283ced9faa1b1
SHA1 c07488e2f37fcbeedbc08c5adc9711e021637f58
SHA256 a9cb1e5e7d32dfa36d7b6511575b74c0488f592fdd5a7c2c6d2fd57f80f3f13d
SHA512 9895919ce90f1cc064ec65d2c2e1482faccb216540bbea743d81e6796dc6645c71fb40e56ef2c9dcd4ae980ae76602f9ca6ad31819d8ff9435415f0f818c9ecc

C:\Users\Admin\Downloads\Unconfirmed 224715.crdownload

MD5 b805db8f6a84475ef76b795b0d1ed6ae
SHA1 7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256 f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512 62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 851fda061746105fed21ecbf598d7e27
SHA1 857fd036b3f876c88ef34694f61f9270c3b92f0e
SHA256 15785fd3b4561ea9c38571ae9228c4443f6fb5ffce89b9d47275c1fc4e23c486
SHA512 f2de75101afc3d338ab712c6d5a745c327b1963ce8c1f51acc9c235ad7e843f2ac3ca720c6afd94f179e8d7548545828e9f1b783b77152b0428902d0fd8f160c

memory/3856-1296-0x0000000000D60000-0x0000000000D9C000-memory.dmp

memory/3856-1297-0x0000000005760000-0x00000000057FC000-memory.dmp

memory/3856-1298-0x0000000005DB0000-0x0000000006356000-memory.dmp

memory/3856-1299-0x00000000058A0000-0x0000000005932000-memory.dmp

memory/3856-1300-0x0000000005820000-0x000000000582A000-memory.dmp

memory/3856-1301-0x0000000005940000-0x0000000005996000-memory.dmp

C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 dff523e61cdbdaead3f41731c7a47568
SHA1 a708585b134ad88cfa78dcd268c35ee38de23f3b
SHA256 83943fae56d9d4adc812030e123f6bc68e2a1ec599e74f158ac692798d2c98ed
SHA512 51d3b02925f6034dc26933815462a8cdbafdea160c246ff93d1197c731a353972392ba0e36ed5fdfd8272e0a773db0c515b8f5b912561d1ba45028bd3852e81b

C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 24875e48a22309808dffe64d92329d17
SHA1 0c96a0cf17b4adf7fefc45aa54d0ceaf71f29712
SHA256 ecb8d9bfb5d0e4a537200d6e9f7c25e9b15744c0987f429944afdf5068d9b3ec
SHA512 1c78b2534c831021fdad16b541b624d90268ef7c2b11d06f4ce0a5dc8923c5dc6c3de2d2cbac9f62826b17e56fe86992620ac535354c3319855607029d3319b2

C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 32f9183f07742a53b37d1b61025ff079
SHA1 49aca9754232f84b03f3e5cee76f251d74a5a666
SHA256 a5c69d9531ee054ed49d771c837652a9e503e47d481b8d48346b25213dc4c084
SHA512 7c6da73c6f9d56a82b8ed9f95af42d87aa8911af286e817d5dcd33a6b7b35ff9def6d2bf1b5c00f6533d7ac87f97e390dc7e31c8de8be96dfbccf7b63894c20d

C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 2ff112623320a198d433a21ebaeaad4b
SHA1 96b6a67ff26a13cdc26535ba6a98ca780d59fedd
SHA256 69e49bc4c465e60ecb4894b30ff9b3b9b5b638c1c2a396dbc3ca6d09c23ccf31
SHA512 2e2698555bb504e02adb086336293ee88065f2430364fcd18f650b284d5e4d753ded98e25a7df0e7a2c8bad3d535fe98bb3132d17d4938397fe10ef777f8c50f

C:\Program Files (x86)\Common Files\System\wab32.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 233ae3d1eac68ecb6882f4cd1b93b43d
SHA1 ecee918252acaa761222cb1693f420159f8b90d4
SHA256 73554a5931ab26d278ea2e445f5c08a71ddd72ea94e4b7550f11d93aa0691a17
SHA512 42bc610f4ac7c2d2feedecf4879c6a7c0d088051c4fc10b64d7304449580e6845d18480a961954e4fe06ef7c7acd6ae26c550bc306ccd9b555ebbf6bd9f90121

C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 91d04d3e0ade2ac9e8ac17bdb3fc6ab0
SHA1 d0d3f0cbe6c11b4472aed1ceabb75801bd4c67d8
SHA256 7189a8c858f66c49c7d2134d31d5f9048b386005d1fb4c6077adb572665319d9
SHA512 2246e2cdb8ce4987868a3b12fff5b11d509992181c307c69545d8757bc44b5c77d0fa72e35090ca10579184ce5f74ccac1601a3533f630fac32a47d50114d81e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7e065ba4b1571a8f3a2077acf983d4d6
SHA1 712357b09f9377319fc2f11d115f6503ff5df01c
SHA256 c627cd7d72e76e61633a803e52d246895963ff32a1bda0f8d8d72f266d954839
SHA512 7d6c4c528531bc09d380d1e4ff972ebd803dbbfd9e9a0427437b267914ad252a9b153c067c8e73e615eac3ff8405acf9a2054a5393a4a0479453b519195e3256

C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 0948c2cebb6f8f2f10f429f077335d04
SHA1 a8fcb6474446c1e86fcb0518ec02c86f237b4fc8
SHA256 849e4a211b26b08c85fe1a25245cf3086cc4f128242a3b55443e2c1194145c68
SHA512 7a715b92dbb2eb08de64df63e54d09a067eebd5e711ee75aa3f9319535a55e0641246abb8c5d536ba05e19468ca0292a036dd95773f098b3ccdcf70ad184ffa2

C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 fe2372fffaec727562ead3ac04a8fe5b
SHA1 40044e9ff256254b51a7912c75ace3d86946c0dd
SHA256 504e9a0ce5748df4972d6e80057eb3aa083d0d82fc71d3f97d9f4866630707c7
SHA512 7fb0df2bf89df6d0c280783bf35458c348433e9c7d4ccda90d723ca0ebf9657b9d4ed30779f7b82291022c3cd3f656256ae7be73a8a94b412d17e7ae9e620b83

C:\Program Files (x86)\Common Files\System\wab32.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 5e7b22829a8421209a0a0bb4aa3b1eed
SHA1 8616fde56daf87e2e254833d40232f624902a8f2
SHA256 8c1c090a3d8ca653148114ddda025bf1229a27f45564e00eb97b51bade7b5410
SHA512 02482321a7fec13692d1e36a02d882dd5d38fc483d1745c9adf4d2752aa2248348b4a20c79f142bfe48bde1e26b215765fe7802f9da4b37e432c958c7be41432

C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 d912f30b089042b58686a9182b21cd69
SHA1 4bba2fce101b21970ca80fce89b61371ddbcbb14
SHA256 c4a357869fd6cc69e0546a745de32feff436bde5b034e7fd46c0642d50caa58a
SHA512 116436a68f690f48889d9ac49905c3936c7e719636a41f9de4019adf40b829f922344edc349e00c07b8bc67e70825bca85ac611ed9a128371a9255b81ffbeb6e

C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 cf9df03f881b1d3a940b4ada5c2a7863
SHA1 512b42ad144c80352c42b107a685fceefec2562f
SHA256 0efa451dc8e3656df7c04e291039477e42504cdfd0113b4c65d6b0ed67043561
SHA512 2757c284aef6f0a8e18f8b44d6a10780ab71d6be77797665fd612c0673c8a61b7526a0d1e0ec7d6868f9f50f37aca84f3349fce648a5ae7ef5ba4bf8c60a81cb

C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 f329ad6f442ae419b6f82427f68002c1
SHA1 fd92676752b8391f633b28812905679d3066836f
SHA256 643a88f3c354acfddcfa8b68ca1829c87144d26da9474d242e5ab7d0d9c57378
SHA512 f6d8de617e6f10864baae5a0b9a5fa91af015524df747bfe04cae24325965ea731ddf365694c9daa112dd530f1a46d7bf8452ecae27566a6000e3d05ba3a9741

C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 765626f3d2552610fa88ae64bc8329cf
SHA1 3c0058f5c147d461f1793a67582b13b0e4c289fb
SHA256 edc8153515da42b69a3201e5f782942d145f5d34cb6a19ee90aa9b2bc5df3fa5
SHA512 f9d1d958408d00382de5c42024d1547b87be5f7fcfee23826333eaf02de91ea91e61826eb097ccda959fac779cdc8d4d8656b31bc85936e20128baf5d3c44612

C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 357388277f550f83442c824108fb157e
SHA1 fa7053f0e3b2e76a5341d76cb9e204d2c7f05a96
SHA256 eb0a924f0cb27cea8ff65a82d34e5fb25afe6d5cf0c5f586756329b2a3c08633
SHA512 27c8e468261f1abcf2062f8b217acaac80ff9a9a2510b4b312c15d031df643beb25ede75d796fdd2b95b2130c882531c913a43b932546911ef93afbfc0cd5e6b

C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 13909c75b95cea9a2160d80c92a535eb
SHA1 663abc9e81a31bf4fe07bbdc0cba7355f7da2418
SHA256 033d535e32829db06692533f2fca13e61d346fa99d7b29e77af049d6e5738676
SHA512 fa9fbe7110ce270423d839b5caffd05f7e1fd4f8917e032b7186147e95dbae249543cb3fea4d0141f86e8d63df39e700a4373c274789a3576b5444962c24013f

C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 d2c15c67f5bca410c4c471f577ae0683
SHA1 ff4211ec4409a9d488b1c27556d4e11a1bd33daf
SHA256 e0a34d70f795b5dd558866eb18d9a6d2bc4c1209dc6c2f42560ef5e8d433a116
SHA512 7449abef78b8d311120e50303eca770deff70709c26ebd4f96626540177b6f4f0f2714c676f5b6841ea04ecd244fe089a281b4c0aac3bd7f1d45ee9c0129464d

C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 36f8e131f3e7536d8171fc4a4851c3b2
SHA1 a693c22ab44f560d55c725991a4bce84d7a2253c
SHA256 4420818f7a6ad683c2ed34eecd7ffb8aafd31e94c054c988643bfafde99fdceb
SHA512 e675414d0e4d3568552c89c7e4e1f678ea9af08b68d34306cb20a8b36297d04069389c222b04ce8af4c593b82c637cd8c988d4eb40c92f2237269792057a1a50

C:\Program Files (x86)\Common Files\System\wab32.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 d0a72ab91a90e4ad1dc5d0300ff0e2e5
SHA1 3689060226cdad8055d44f8406497024af613ea9
SHA256 2dda322f48fb3506bd87298c8c445b4276fa948508eaafb3cd873b83eb8ec044
SHA512 1d718012920c423bf497bd4797b750ad56b8c0f306e5402ef0c90dc56ffcc2bc5baa97c2c0a6ea99472e863cda9ed82178d1698210942fc35c92f8a6e1f74275

C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 e86a925c3844b58bdfab1bf80c62b206
SHA1 8ac6582d2c303500d8aad7d4e0b56e8ff9415d33
SHA256 e548d721a1d29cb5a5e3fe2b6df2777635fb812f98febf602a22993c8b93abd3
SHA512 557e85e79cf3a5f263020ab0ea79e3e5e47003fa79c0e4613aa75c827b4003fa6c8fc00e4596edb5a14c519f39fdd827cbb78c4e12fd2ffc83c29beec7ea15b8

C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 62a097f8444dc6461e67ba339c5331d9
SHA1 5cbedf095a5eb78d22d026e2aba0d39ef5d4d5d8
SHA256 fdc145d62c3cf95cc30d69fd79acb83bfcc1662878f36e2feed47c70db8a74f9
SHA512 29e6010856618953d2cd3e687810a528324ee827682fd3192a608f69fa9336fce4a8872c4ecc13a0cef5a6bd4ac6e717acecd7245d74259a58963fc75fa46e34

C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 b5c32d22fcc8d23f64eb9edd6199933b
SHA1 56f0568dda8e97c5628b85df913e95075f679c81
SHA256 5c3956e229008fa8f40e66ff491ff6c0c1cf6dab441ca2290b41679df4c02e44
SHA512 7deac3b682a5057ac6c9e2da25852d613e19ff27cc14e8a89275fc5082abef398b601a1c42e8d0a117e5f44b958cce9d1771040f6d708a3b575f6a72bd44c9f7

C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 195439a20d7044263d7c50c10496a20e
SHA1 9fd4821d06e04b6aec017cc6cbf39723d8a03e48
SHA256 020b9d2ec6a760f3ffe86eb67214f943b0c90db71ff9077a386687fe124e11c6
SHA512 0eba4f1e4c874d796952d234521fe2dc7a3a8328d0d39eb1140f156ae4f8306254e8f1565179c17880e0560da70522aefa4e20a0fccbb1663568ca73e182ad22

C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 6dd8c9e17845ced90abfa4e3e36e59a4
SHA1 2767322cd6fe14d187bd70025d5e1e3e7898f73f
SHA256 642a6851aae1669b02a69bc3d5f015e7ecf71bc13e5679adcff97e8e5f0b5469
SHA512 e5d2eb7d1c38277cc640543ebd5876cc7422c059afa8b06023e3a7732801f558e5d86f432463c9dc9a0f0382b9ea16b301585ced57c621a230c6306efcd15c03

C:\Program Files (x86)\Windows Media Player\mpvis.DLL.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 cc60d8cf1990e0562cb228f717bdd476
SHA1 2aa06bb9f19cb52d381eaceb50dfd5d9aa6c2c7b
SHA256 8ee93a3c64ba13caa0a6522123ad6a19b2e79ff2a52b45960e1163dd7a3c9a8f
SHA512 91d3f001db2f41b1fff28887619174f7cee1f37bec02bd7443d4b6f81fc72360b7dceff8b708849564304e1b70af1d04378445813a2a69d4896b79fbbe69a6fb

C:\Program Files (x86)\Windows Mail\wab.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 f3863275b4bc47fc0dfaaa632c5a556b
SHA1 b959f62077db0f345bc4fb36b31d2cdd99679c38
SHA256 af943501956dbb40c58188706d36d5e7d8824c21e0da8fa81db1d82a43537b0f
SHA512 c2e616647600765f1e4860270db086d349138befd5b39bb96529d9eabd25a2650653168657434639141d7fc19eb84339950144d03f65a75c1dbdbd061266dc1c

C:\Program Files (x86)\Common Files\System\wab32.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 546ce1896b1c378224d0c38e73b70d52
SHA1 d8f4e1d2635d1188f96b1ea4c3e3ebfa642ce6e0
SHA256 5789e527717606e6d5d68c3a0d3c0870171dc1cfad3f67d42357c558bdbd4636
SHA512 b0044cb7468e42b86297ee6700570b5321e6d7a72ee7f8dd9c6c4a92f13e2790cb28f53286cbd846072f40b6ca0621d21f4bc5fb391113102c96529e5303546a

C:\Program Files (x86)\Windows Defender\EppManifest.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 578979f614ef545aaa645e6f54c607f1
SHA1 89aa4d32d20052f29d6639e212697551d9e3898d
SHA256 490580501eeadc7ab4de77270133130d5ec7de308cca3b21b3e371e97edc1dfd
SHA512 4800a956c008deff9a474fbdb6508d8fde1528562db84ced97947a9fe695d372b16687eba70202bcd0e59ab6e3356bb778c624a696731fab37e64b38f5edba8a

C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 940b40bda37d53fa51796e8df96bf4eb
SHA1 9fe7f174fbce2894a805f2b05eafe16d1977f1bb
SHA256 b8d803b0a36c48dc89686b601560f438d41f25cc8e2ab841900bbdff1dbfeb73
SHA512 2e89a57df032743c9d235d581cee6718896373a2345f7c62831925ad4103c4ba3394513513dbd7de8a98b5bbf3bb27baac9f89d8fb19b457a767f0d82f9416db

C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 2ba2292753f40829ede34080631651e7
SHA1 1d151c6578abb1cd6666d14c5b765afcef4ef496
SHA256 328b000afc8bd8d99a70fec3d7f4cda6bdb6a8f6df126e0020f83a1fc4427896
SHA512 562dbad6fe51628f710035a5727630423d948d99d58ba598a9755f4f813f8d5d5cc428cd1f49c96f67e111296ecf1238f01250c6b2ac017ed0d18a9fe1984bd7

C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 e3ed10d8eec78e8d1f321ab43efb735b
SHA1 6aade1046c7b1dfec93d0484fa0d64ed7a63eff3
SHA256 a69a18b8f0e85df756beaeb57d9cf82befa4b04226a2064f450f0e5ac6617273
SHA512 bbbdeee3af71b719efd3a78e159a3ad57c8ba05e3040962603f8b18b8410e92162c0fca6dc7ae780c8aa17f66d4df3616ee13983cc54cf60a93cf9e8f3270826

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 cfae715b8b1ec8eaac221e0b12a22f8f
SHA1 30a24e82f3f9c724377427c4ea702aa43046c16b
SHA256 e04cb6894e6af60c1983bda65b411a9d2e1cc999235beb460b4d82ce6e3e51aa
SHA512 e4edbe3b1b855bef848a2d4200a7d1e4d3b830d3b60e76bd34c92b549905ea89943dce2c8e4925d8370b4194f41fd9d1c09a51aacc027e5f82c7b8d54553927f

C:\Program Files (x86)\Internet Explorer\ExtExport.exe.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 7d857a72abcc9eaf24ebc09257ed856c
SHA1 114fd5cdec307ae8cf1f928605aa88e67945d845
SHA256 0851e63031c40c0e6b0fdb2879642979aeca63b72ed6d5961e79fbe235943b64
SHA512 502b5cc7a59fce67b25c93ed705aa1c23e20c0418113cf92871184bcc5a8132eba2231216d9780b61880916035660d7b2554c9e244b632c930e0ea757f690e87

C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 5c3d528e500b197d02cbcaec281d30e8
SHA1 b4e107e31a3d1099fa41342bfe3e78c41e87fbe6
SHA256 d43d09e24948c4ff75194fa0391856593e80f63ba919593e568932449046dd92
SHA512 616577a49be5e7bb861d527be589099176be17b6de032c659b3529a06848aac26c6513f3b61b2b108bad19135de86942f8b00c19aeadeeaaef997a8c2da45e2f

C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.DB85D805D3232F5DF324B3A745620F19EC2B1F5093D74060D2BD3B09CFE7AC98

MD5 6bdfab4654dfc27aecfd08564b999993
SHA1 465c2f2d0a01c8c8228640e7704748b4df99a475
SHA256 7346575e65ec71acffbb6e4123f1bbb1891ec0eca9e1130a377681703882180e
SHA512 a59c0d5c7831ab9bdcd504ac33eb1dd0a69521d145d1a309ca1ace960a37d836a4a3f2a97c039ed48b64038cc2ccf59b770a801a7153b3cbd8a93f259b96a1b9

memory/824-2047-0x0000000007490000-0x00000000074F6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2ebbd61422b78463e73114c90d111185
SHA1 96a2a4824b034c487ccfcc08f3d7defa75601565
SHA256 164f96175f640e1c88954414f0d6bd4b866e8bc4004221585211df95aaeacaab
SHA512 a707e87fa44ddc0f804778e849698b4b9b1a110342a9eb8abcc1a9178019d6424077d6293940adf1b3db80872e42fb70347fb927e7a6cadb2490381fb2f1b926

C:\Users\Admin\Downloads\Unconfirmed 854775.crdownload

MD5 af2379cc4d607a45ac44d62135fb7015
SHA1 39b6d40906c7f7f080e6befa93324dddadcbd9fa
SHA256 26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739
SHA512 69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 14abc4cea020064c04ffbac77bd94cd0
SHA1 ef2d9b7cf132d4d459886deda132362fdf3507e8
SHA256 b2745c793551ea41bce3082ca5a11266481eda41dcd975dc04447cff596e534c
SHA512 c6dc00baccea678f39eabc27af1cc6be66732063d431f96f6c66146d8417cfe03297cab93c2fc38c64b836fd2b611a5901aa73ab1c932e83fcfc7012053ad061

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 df405a66291c37e83bd01589c92f1551
SHA1 fd452a2444b5e7b1c618fdef8e81fa89db145ab5
SHA256 7d3762ffd1f739a9e4f1bebcb7289eb245fbbab75b0f95abbfc8a672362e70dd
SHA512 4af6f4db5fcb84faecbe81af96f513e64cfc0b2f9633c2a72b929414a66509c042a6c26b9d4e9b7bebd69807cb818cc6243075b4400dd4ecdffe6db8f73fce96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 59e2d6d9689b53d908239e0a0d39dbce
SHA1 9a7101ecf17e87e53cef31feb250c5d37e22bb11
SHA256 b3ae983806ade638fe7dd3eb98b688802ff5c8e4c98b14a576b8f875a665c5b1
SHA512 3f065a70d82d9721150194614851895eaa0f34f17942d01f0032834c103c74e4206eeec5165f56c4c36661945a092ad8463b63bce8b69b6634fe1fb012b61e88