Analysis Overview
SHA256
b0f9747074a79d49c856ee69096fae7032540c0835aa31d403bdc6c40c2ffaf7
Threat Level: Known bad
The file beast-max was found to be: Known bad.
Malicious Activity Summary
Dharma family
Infinitylock family
Wannacry
InfinityLock Ransomware
Dharma
Wannacry family
Renames multiple (678) files with added filename extension
Deletes shadow copies
Downloads MZ/PE file
Boot or Logon Autostart Execution: Active Setup
Credentials from Password Stores: Windows Credential Manager
Event Triggered Execution: Component Object Model Hijacking
ASPack v2.12-2.42
Drops startup file
Executes dropped EXE
Reads user/profile data of web browsers
Deletes itself
Loads dropped DLL
Enumerates connected drives
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Installs/modifies Browser Helper Object
Adds Run key to start application
Sets desktop wallpaper using registry
Drops file in System32 directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Uses Volume Shadow Copy WMI provider
Suspicious use of SetWindowsHookEx
Kills process with taskkill
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
NTFS ADS
Uses Volume Shadow Copy service COM API
System policy modification
Interacts with shadow copies
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-02-12 17:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-12 17:13
Reported
2025-02-12 17:32
Platform
win11-20250211-en
Max time kernel
900s
Max time network
900s
Command Line
Signatures
Dharma
Dharma family
InfinityLock Ransomware
Infinitylock family
Wannacry
Wannacry family
Deletes shadow copies
Renames multiple (678) files with added filename extension
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Credentials from Password Stores: Windows Credential Manager
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDBE42.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDBE3B.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
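The rows above show the same Startup-folder file carrying up to two ransomware suffixes: the Dharma layer (`.id-CCC57CCC.[<contact>].ncov`) written by CoronaVirus.exe, and on top of it the 64-hex-character tag that InfinityCrypt.exe appended, while WannaCry.exe only left `~SD<hex>.tmp` files beside them. The Python below is an added example, not code from this report or from any of the named families: it peels those suffixes from the outside in, recovers the original name, the victim id and the contact address, and totals the damage per family so the "Renames multiple (678) files" figure can be reproduced from a file listing. The sample paths are constructed from the rows above; the contact address in them is a placeholder, because the report's copy of the real address is obfuscated.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple

# Dharma/CrySIS layer, as in the rows above: <original>.id-<8 hex victim id>.[<contact address>].<ext>
DHARMA_RE = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[0-9A-Fa-f]{8})\.\[(?P<contact>[^\]]+)\]\.(?P<ext>[A-Za-z0-9]{1,8})$")
# InfinityLock layer, as in the rows above: <name it found>.<64 upper-case hex characters>
INFINITY_RE = re.compile(r"^(?P<orig>.+)\.(?P<tag>[0-9A-F]{64})$")
# Temporary files the report attributes to WannaCry.exe in the same folders: ~SD<hex>.tmp
WANNACRY_TMP_RE = re.compile(r"(^|[\\/])~SD[0-9A-F]+\.tmp$")


@dataclass(frozen=True)
class EncryptedName:
    path: str
    layers: Tuple[str, ...]      # outermost suffix first, e.g. ("infinitylock", "dharma")
    original: str                # the path with every ransomware suffix peeled off
    victim_id: Optional[str]     # Dharma's per-victim id (CCC57CCC in this detonation)
    contact: Optional[str]       # the address embedded in the Dharma suffix
    extension: Optional[str]     # Dharma's final extension (.ncov here)


def classify(path: str) -> Optional[EncryptedName]:
    """Peel ransomware suffixes from the outside in; None if the name is untouched."""
    layers, name = [], path
    vid = contact = ext = None
    while True:
        m = INFINITY_RE.match(name)
        if m:                                   # InfinityLock ran last, so its tag is outermost
            layers.append("infinitylock")
            name = m.group("orig")
            continue
        m = DHARMA_RE.match(name)
        if m:
            layers.append("dharma")
            vid, contact, ext = m.group("vid"), m.group("contact"), m.group("ext")
            name = m.group("orig")
            continue
        if WANNACRY_TMP_RE.search(name):
            layers.append("wannacry-tmp")
        break
    if not layers:
        return None
    return EncryptedName(path, tuple(layers), name, vid, contact, ext)


def summarize(paths) -> dict:
    """Per-family counts plus the identifiers an analyst pulls out of the suffixes."""
    hits = [c for c in map(classify, paths) if c is not None]
    per_family = Counter(layer for h in hits for layer in h.layers)
    return {
        "encrypted": sum(1 for h in hits if {"dharma", "infinitylock"} & set(h.layers)),
        "double_encrypted": sum(1 for h in hits if len(h.layers) > 1),
        "per_family": dict(per_family),
        "victim_ids": sorted({h.victim_id for h in hits if h.victim_id}),
        "contacts": sorted({h.contact for h in hits if h.contact}),
        "extensions": sorted({h.extension for h in hits if h.extension}),
        "unaffected": len(paths) - len(hits),
    }


# Constructed sample modelled on the Startup-folder rows above. The contact address is a
# placeholder: the report's copy of it is obfuscated, so the real one is not known here.
CONTACT = "victim-contact@example.com"
STARTUP = r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
INFINITY_TAG = "C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB"
SAMPLE_PATHS = [
    STARTUP + r"\desktop.ini",
    STARTUP + rf"\desktop.ini.id-CCC57CCC.[{CONTACT}].ncov",
    STARTUP + rf"\desktop.ini.id-CCC57CCC.[{CONTACT}].ncov.{INFINITY_TAG}",
    STARTUP + rf"\CoronaVirus.exe.{INFINITY_TAG}",
    STARTUP + r"\Info.hta",
    STARTUP + r"\~SDBE3B.tmp",
    rf"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe.id-CCC57CCC.[{CONTACT}].ncov",
]

if __name__ == "__main__":
    for hit in filter(None, map(classify, SAMPLE_PATHS)):
        print(hit.layers, "->", hit.original)
    print(summarize(SAMPLE_PATHS))
```

Peeling outermost-first matters for recovery: a file that InfinityLock touched after Dharma needs both layers stripped before its original name is usable, and the victim id and contact address come from the inner Dharma layer, not the outer tag.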
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CoronaVirus.exe = "C:\\Windows\\System32\\CoronaVirus.exe" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Windows\System32\Info.hta = "mshta.exe \"C:\\Windows\\System32\\Info.hta\"" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Roaming\Info.hta = "mshta.exe \"C:\\Users\\Admin\\AppData\\Roaming\\Info.hta\"" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
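The Run values above and the Active Setup entries listed earlier differ in ways a triage script can score without a signature: the Dharma and WannaCry values are written by a process running from the user's Downloads folder, launch a script host (mshta.exe), use a file path as the value name, or give a Microsoft-sounding name to a binary outside Windows or Program Files, whereas the Edge installer's Active Setup StubPath does none of that. The Python below is an added example, not part of this report or of any tool it names: it parses rows in the table format used on this page, applies those checks, and reports each value with its reasons. The sample rows are copied from the tables on this page; the script-host list, the trusted-root and user-writable path prefixes are the example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# Autostart locations the "Adds Run key to start application" and
# "Boot or Logon Autostart Execution: Active Setup" signatures fire on.
AUTOSTART_ROOTS = (
    "\\Microsoft\\Windows\\CurrentVersion\\Run\\",
    "\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\",
    "\\Microsoft\\Active Setup\\Installed Components\\",
)
# Script hosts / proxy-execution binaries that rarely belong in a legitimate autostart value (assumed list)
LOLBINS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe",
           "regsvr32.exe", "powershell.exe", "cmd.exe"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")          # assumed: installer-owned locations
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    key: str
    value_name: str
    data: str
    writer: str                      # the process that wrote the value (third table column)
    reasons: list = field(default_factory=list)


def _unescape(s: str) -> str:
    # Undo the report's quoting of value data: outer quotes, then \\ -> \ and \" -> "
    s = s.strip()
    if len(s) >= 2 and s[0] == s[-1] == '"':
        s = s[1:-1]
    return re.sub(r'\\(["\\])', r'\1', s)


def _first_token(cmd: str) -> str:
    """The executable part of a command line, honouring a quoted first argument."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_row(row: str):
    """Parse one '| Set value (...) | <key>\\<name> = "<data>" | <process> | N/A |' row."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) != 4 or " = " not in cells[1]:
        return None                          # "Key created" rows carry no value to judge
    _desc, indicator, process, _target = cells
    key_and_name, data = indicator.split(" = ", 1)
    for root in AUTOSTART_ROOTS:
        i = key_and_name.find(root)
        if i >= 0:
            cut = i + len(root)
            # For Active Setup the value name keeps its {GUID}\ component prefix.
            return key_and_name[:cut - 1], key_and_name[cut:], _unescape(data), process
    return None


def judge(key: str, value_name: str, data: str, writer: str) -> Finding:
    f = Finding(key, value_name, data, writer)
    exe = _first_token(data)
    exe_l, data_l, name_l, writer_l = exe.lower(), data.lower(), value_name.lower(), writer.lower()
    name_is_path = re.match(r"^[a-z]:\\", name_l) is not None
    if exe_l.rsplit("\\", 1)[-1] in LOLBINS:
        f.reasons.append("script host / proxy binary in autostart command")
    if any(p in data_l for p in USER_WRITABLE):
        f.reasons.append("target lives in a user-writable directory")
    if name_is_path:
        f.reasons.append("value name is itself a file path")
    if (not name_is_path and ("microsoft" in name_l or "windows" in name_l)
            and not exe_l.startswith(TRUSTED_ROOTS)):
        f.reasons.append("Microsoft-sounding name pointing outside Windows/Program Files")
    if not writer_l.startswith(TRUSTED_ROOTS):
        f.reasons.append("autostart written by a process outside Windows/Program Files")
    return f


def triage(rows):
    return [judge(*parsed) for parsed in map(parse_row, rows) if parsed]


def suspicious(rows):
    return [f for f in triage(rows) if f.reasons]


# Rows copied from the Run-key and Active Setup tables on this page; the Edge rows are the benign baseline.
SAMPLE_ROWS = r'''
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CoronaVirus.exe = "C:\\Windows\\System32\\CoronaVirus.exe" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Windows\System32\Info.hta = "mshta.exe \"C:\\Windows\\System32\\Info.hta\"" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Roaming\Info.hta = "mshta.exe \"C:\\Users\\Admin\\AppData\\Roaming\\Info.hta\"" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
'''.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_ROWS):
        print(f"{'SUSPICIOUS' if f.reasons else 'ok':10} {f.value_name!r} -> {f.data!r}")
        for r in f.reasons:
            print("    -", r)
```

The first Dharma row is the instructive one: `CoronaVirus.exe = "C:\Windows\System32\CoronaVirus.exe"` looks like a system binary and trips none of the command-line checks, and it is only the writer column (a process in Downloads) that marks it. Keeping the writing process next to each value is what lets the script separate it from the Edge installer's entries.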
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-1008898722-3518013580-3694625758-1000\desktop.ini | C:\Windows\explorer.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\AccountPictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Libraries\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-1008898722-3518013580-3694625758-1000\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Windows\explorer.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\system32\SystemSettingsAdminFlows.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\CoronaVirus.exe | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Windows\System32\Info.hta | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_move_18.svg.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\ui-strings.js | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\cstm_brand_preview.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\MSFT_PackageManagementSource.strings.psd1.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\resources.pri | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_cy.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib\warn\warnDeprecations.js | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ONNXRuntime-0.5.X.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateCore.exe.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedge.exe.sig.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\d3dcompiler_47.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons_fw.png.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\glass.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-lightunplated_contrast-black.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\js\plugin.js.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.ExcelAddIn.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\Skins\Revert.wmz | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-cn\ui-strings.js.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSmallTile.scale-125.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected].[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main.css.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\uk-ua\ui-strings.js.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\paintpicture.targetsize-48.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsSmallTile.scale-100_contrast-white.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pt-br\ui-strings.js | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\iw_get.svg.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\IEAWSDC.DLL.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OcHelperResource.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WeatherAppList.targetsize-60_altform-unplated_contrast-black.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-60_altform-lightunplated_contrast-black.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.MsoInterop.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\db2v0801.xsl.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-72.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_tr_135x40.svg.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-down_32.svg.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-125.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef.css.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\v8_context_snapshot.bin.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\text.cur | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\main.css.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
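Two things in the rows above are worth pulling out mechanically. Every renamed file follows the Dharma scheme `<original>.id-<8 hex victim id>.[<contact>].<ext>` with the same victim id `CCC57CCC` and extension `.ncov`, and the rows attributed to `InfinityCrypt.exe` target files that already carry that name and append a further 64-character hex suffix, so within this run the Dharma payload (`CoronaVirus.exe`) wrote first and `InfinityCrypt.exe` re-encrypted its output. The following Python, added here and not part of the sandbox report, parses rows in the report's own table layout, extracts the victim id, contact field and extension, and flags the double-encrypted files. The sample rows are copied from the table above; on this page the bracketed contact address shows only as the placeholder `[email protected]`, so the parser treats that field as opaque text.

```python
"""Pull Dharma-style ransom names out of sandbox file-event rows.

Added example, not part of the sandbox report. The rows below are copied
from the report's table; on this page the contact address inside the
brackets appears only as the placeholder "[email protected]", so the
parser treats that bracketed field as opaque text.
"""
import re
from collections import defaultdict

# Dharma/CrySIS naming: <original>.id-<8 hex victim id>.[<contact>].<ext>
# Some rows carry a further 64-hex suffix after <ext>: a second encryptor
# touched files that already had the Dharma name.
RANSOM_NAME_RE = re.compile(
    r"^(?P<original>.+?)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>.+)\]\.(?P<ext>[A-Za-z0-9]+)"
    r"(?:\.(?P<suffix>[0-9A-Fa-f]{64}))?$"
)

# Constructed sample: four rows taken verbatim from the report's table.
SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
"""


def parse_ransom_name(path: str):
    """Fields of a Dharma-renamed file, or None when the name is untouched."""
    name = path.rsplit("\\", 1)[-1]
    m = RANSOM_NAME_RE.match(name)
    if not m:
        return None
    fields = m.groupdict()
    fields["double_encrypted"] = fields["suffix"] is not None
    return fields


def parse_rows(table_text: str) -> list:
    """Split '| action | path | process | target |' rows into dicts; skip the header."""
    rows = []
    for line in table_text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or cells[0] == "Description":
            continue
        rows.append({"action": cells[0], "path": cells[1], "process": cells[2]})
    return rows


def summarize(table_text: str) -> dict:
    """Per writing process: renamed/untouched counts, victim ids, extensions."""
    out = defaultdict(lambda: {"renamed": 0, "untouched_name": 0,
                               "double_encrypted": 0, "victim_ids": set(), "exts": set()})
    for row in parse_rows(table_text):
        entry = out[row["process"].rsplit("\\", 1)[-1]]
        fields = parse_ransom_name(row["path"])
        if fields is None:
            entry["untouched_name"] += 1
            continue
        entry["renamed"] += 1
        entry["victim_ids"].add(fields["victim_id"])
        entry["exts"].add(fields["ext"])
        entry["double_encrypted"] += fields["double_encrypted"]
    return dict(out)


if __name__ == "__main__":
    for proc, entry in summarize(SAMPLE_ROWS).items():
        print(proc, entry)
```

Running `summarize` over the full table gives one victim id and one extension per encryptor, which is the quickest way to confirm that every renamed file on the host belongs to the same infection rather than to several campaigns.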
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Popup.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Popup (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
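Each row in this table is `msedge.exe` opening the `Zone.Identifier` alternate data stream of a file it has just saved to Downloads. That write is the browser attaching the Mark-of-the-Web, so on its own each row records the mark being applied, not bypassed; the signature fires because the stream was touched, not because the mark was shown to be removed. What a practitioner wants to know is whether the mark is still on the file that later executes, and with which zone. The following Python, added here and not part of the report, parses the stream's `[ZoneTransfer]` block and classifies a set of downloads. The stream contents are constructed, the file names are the five from the table, and the `example.invalid` URLs are placeholders.

```python
"""Read and classify Windows Mark-of-the-Web (Zone.Identifier) streams.

Added example, not part of the sandbox report. The stream text below is
constructed to look like what a Chromium-based browser writes; the file
names are the five downloads listed in the report.
"""
import configparser
from typing import Optional

# URL security zone ids as Windows records them in the ZoneTransfer stream.
ZONE_NAMES = {
    0: "My Computer",
    1: "Local Intranet",
    2: "Trusted Sites",
    3: "Internet",
    4: "Restricted Sites",
}


def parse_zone_identifier(stream_text: str) -> dict:
    """Parse the INI-style [ZoneTransfer] block of a Zone.Identifier stream."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep ZoneId/ReferrerUrl/HostUrl casing as written
    cp.read_string(stream_text.replace("\r\n", "\n"))
    if not cp.has_section("ZoneTransfer"):
        raise ValueError("stream has no [ZoneTransfer] section")
    sec = cp["ZoneTransfer"]
    zone_id = int(sec.get("ZoneId", "0"))
    return {
        "zone_id": zone_id,
        "zone": ZONE_NAMES.get(zone_id, f"unknown ({zone_id})"),
        "referrer": sec.get("ReferrerUrl"),
        "host": sec.get("HostUrl"),
        # SmartScreen and Office Protected View treat only zones 3 and 4 as untrusted.
        "marked": zone_id >= 3,
    }


def read_mark(path: str) -> Optional[dict]:
    """Open <path>:Zone.Identifier on an NTFS volume; None when the stream is absent."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:  # no such stream (or not NTFS / not Windows)
        return None


def verdict(stream_text: Optional[str]) -> str:
    """Classify one download from its stream text (None = stream missing)."""
    if stream_text is None:
        return "no MotW: stream missing, so SmartScreen/Protected View will not engage"
    try:
        info = parse_zone_identifier(stream_text)
    except (ValueError, configparser.Error):
        return "no MotW: stream present but malformed"
    if info["marked"]:
        return f"MotW present: zone {info['zone_id']} ({info['zone']}), host={info['host']}"
    return f"MotW weakened: zone {info['zone_id']} ({info['zone']}) is below Internet"


# Constructed stream contents keyed by the report's download names.
DOWNLOADS = {
    "CoronaVirus.exe": "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.invalid/\r\n"
                       "HostUrl=https://example.invalid/CoronaVirus.exe\r\n",
    "InfinityCrypt.exe": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/InfinityCrypt.exe\r\n",
    "Popup.exe": None,                                  # stream gone, e.g. after "Unblock"
    "Popup (1).exe": "[ZoneTransfer]\r\nZoneId=2\r\n",  # downgraded to Trusted Sites
    "WannaCry.exe": "garbage",                          # truncated or malformed stream
}


def triage(downloads: dict) -> dict:
    """Verdict per file name for a {name: stream text or None} map."""
    return {name: verdict(text) for name, text in downloads.items()}


if __name__ == "__main__":
    for name, result in triage(DOWNLOADS).items():
        print(f"{name:20} {result}")
```

On a live host, `read_mark` does the same for real files; a missing stream on an executable that the browser was seen writing is the observation that would actually justify the bypass label.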
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Popup (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
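The two sections above list `vssadmin.exe` twice and `taskkill.exe` four times but give no command lines, and the command line is what a detection keys on: `vssadmin delete shadows` is the recovery-inhibition step, while `vssadmin list shadows` or a plain `taskkill /im` from an administrator's shell is routine. The following Python, added here and not part of the report, scores process-creation events per parent process: shadow-copy deletion through vssadmin or through WMIC's `shadowcopy delete` alerts on its own, and forced `taskkill /f /im` only adds weight, so a parent that both removes shadow copies and kills processes by name scores highest. Every event, command line and parent attribution is constructed; the parent path reuses the report's `CoronaVirus.exe` only as a name.

```python
"""Score recovery-inhibition and process-kill command lines by parent process.

Added detection example, not part of the sandbox report. The report lists
vssadmin.exe and taskkill.exe without their command lines, so the events
below are constructed; the parent paths reuse the report's sample names.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class ProcEvent:
    ts: float        # seconds since start of trace
    parent: str      # parent image path
    image: str       # child image name
    cmdline: str


# (rule name, pattern, weight). Shadow-copy removal alone is enough to alert;
# forced taskkill is weak on its own and only adds to a parent's score.
RULES = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I), 5),
    ("vssadmin_resize_shadowstorage",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bresize\s+shadowstorage\b", re.I), 4),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\s+delete\b", re.I), 5),
    ("bcdedit_disable_recovery",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\b(?:recoveryenabled\s+no|"
                r"bootstatuspolicy\s+ignoreallfailures)\b", re.I), 4),
    ("taskkill_force_by_name",
     re.compile(r"\btaskkill(?:\.exe)?\b(?=.*\s/f\b)(?=.*\s/im\b)", re.I), 1),
]
WEIGHTS = {name: weight for name, _, weight in RULES}
ALERT_THRESHOLD = 5


def match_event(ev: ProcEvent) -> list:
    """Names of every rule whose pattern matches the event's command line."""
    return [name for name, pat, _ in RULES if pat.search(ev.cmdline)]


def score_parents(events, window_s: float = 120.0) -> dict:
    """Best rule-weight sum per parent inside a sliding window; alert at threshold."""
    hits_by_parent = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        for name in match_event(ev):
            hits_by_parent[ev.parent].append((ev.ts, name))
    results = {}
    for parent, hits in hits_by_parent.items():
        best, best_rules = 0, []
        for i, (t0, _) in enumerate(hits):
            window = [n for t, n in hits[i:] if t - t0 <= window_s]
            score = sum(WEIGHTS[n] for n in window)
            if score > best:
                best, best_rules = score, window
        results[parent] = {"score": best, "rules": best_rules,
                           "alert": best >= ALERT_THRESHOLD}
    return results


# Constructed events: a ransomware parent and a benign administrator shell.
MALWARE = r"C:\Users\Admin\Downloads\CoronaVirus.exe"
ADMIN_SHELL = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    ProcEvent(0.0, MALWARE, "vssadmin.exe", "vssadmin delete shadows /all /quiet"),
    ProcEvent(0.4, MALWARE, "vssadmin.exe",
              "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB"),
    ProcEvent(1.0, MALWARE, "WMIC.exe", "wmic shadowcopy delete"),
    ProcEvent(2.0, MALWARE, "taskkill.exe", "taskkill /f /im sqlservr.exe"),
    ProcEvent(2.1, MALWARE, "taskkill.exe", "taskkill /im outlook.exe /f"),
    ProcEvent(5.0, ADMIN_SHELL, "vssadmin.exe", "vssadmin list shadows"),
    ProcEvent(6.0, ADMIN_SHELL, "taskkill.exe", "taskkill /im notepad.exe"),
]


if __name__ == "__main__":
    for parent, result in score_parents(SAMPLE_EVENTS).items():
        print(parent, result)
```

Grouping by parent rather than by image is what keeps the benign shell out of the result: it never produces a matching command line, so it does not appear in the output at all.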
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133838546753787792" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\AppUserModelId = "MSEdge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\ = "Microsoft Edge PDF Document" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\MSEdgeHTM | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.svg | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.mhtml | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win64 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\AppUserModelId = "MSEdge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.shtml | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\EnablePreviewHandler = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\PersistedTitleBarData\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe! = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.pdf | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/svg+xml\Extension = ".svg" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\URL Protocol | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\MSEdgeHTM | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.mht | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ = "{2397ECFE-3237-400F-AE51-62B25B3F15B5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/svg+xml | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LoadUserSettings = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\runas | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\AppUserModelId = "MSEdge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\ = "Microsoft Edge MHT Document" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\PdfPreview\\PdfPreviewHandler.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\ = "TypeLib for Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\runas | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithProgIds\MSEdgeMHT | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xht | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xht\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\EnablePreviewHandler = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 269127.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Popup (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\BonziBUDDY!!!!!!.txt:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 981259.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Popup.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\beast-max.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff814e73cb8,0x7ff814e73cc8,0x7ff814e73cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTE0MkJGQjEtNjMzRi00NUEyLTk4N0ItQUE3NDlCQkZBODBEfSIgdXNlcmlkPSJ7QUJCNzJFRDYtQjQ0NC00NzRBLTg2NDItOTExQzgxQUEzRUYyfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MTBGNjlDNEItOTk2OS00RTlDLThDNjQtMjM3QzBGNzVDODQ5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczOTI5NDgzNCIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNzY2NTUyNTM3MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4MTA2Nzk5ODIiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5468 /prefetch:2
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffdd8cc40,0x7ffffdd8cc4c,0x7ffffdd8cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=1896 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1740,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=2060 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=2224 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=3140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4444 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4316,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4312 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4596 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4804 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4660,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\mode.com
mode con cp select=1251
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
C:\Windows\system32\mode.com
mode con cp select=1251
C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\daf9868343aa4e3ca5ce60ff18780e2d /t 20860 /p 20856
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:8
C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4912,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4896 /prefetch:8
C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5220,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5188 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 /prefetch:8
C:\Users\Admin\Downloads\Popup (1).exe
"C:\Users\Admin\Downloads\Popup (1).exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\MicrosoftEdge_X64_133.0.3065.59.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff61f816a68,0x7ff61f816a74,0x7ff61f816a80
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff61f816a68,0x7ff61f816a74,0x7ff61f816a80
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff685cb6a68,0x7ff685cb6a74,0x7ff685cb6a80
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff685cb6a68,0x7ff685cb6a74,0x7ff685cb6a80
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7408 /prefetch:8
C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 189401739381176.bat
C:\Windows\SysWOW64\cscript.exe
cscript //nologo c.vbs
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe f
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im MSExchange*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Microsoft.Exchange.*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlserver.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlwriter.exe
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b !WannaDecryptor!.exe v
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe v
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff814e73cb8,0x7ff814e73cc8,0x7ff814e73cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\explorer.exe
explorer.exe /LOADSAVEDWINDOWS
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.btcfrog.com/qr/bitcoinPNG.php?address=15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BonziBUDDY!!!!!!.txt
Network
Files
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 9918786300ad8c717995d228a3239f40 |
| SHA1 | d2eaabdad2ae7975eda10ca4b164aa03ff40e90c |
| SHA256 | 98ef46a27db3af45c6a72f04826f6eef615a427f48caae9ccce6ed94a788a3e5 |
| SHA512 | d4d43b9a896b8c8029b7a159af96135cfcdf2fb9a1eca4e5c657beee3fd1226d355eba78ac883c89bef5efef179b8609ef9ecf173991b724118339d831e9a040 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e15fb5e6ca45768d2456d9385dc367c1 |
| SHA1 | eed7e123e81bcd70a5b5acdcb15ac0d7c572fc10 |
| SHA256 | 6bfd27ffdcf48bb7fd0875c435c18cc267d9b77b89207f93c1b537feb552f81d |
| SHA512 | 5b33eacba9acb53d162999afb64be4147c714a139ae2f4fb5a41c0f41e96117abefebf73d8de1a9b0d59ad0becc902dec83062dc0f5454865b82b83bbb12ffd6 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\877d73a2-d2b6-4245-95db-94ca21b73956.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7e3cc0987d62a62a384f2bc2dfc90d0f |
| SHA1 | e6323676ebdee51b31596727123a5cbbb92cc964 |
| SHA256 | 0e9759ae17e65c69fbc4776118093a1c9114b8ee94a69ef57125f615c85431d8 |
| SHA512 | bcae3410b36bdc0ab078cda95a1419ff17cfa30280e92cee97e2520e6246693331089253a787efb177e8b666068e95df45f6a90def5c58036a7456a5fc437257 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0bce03ac856ef406ecaeaf8aa191930d |
| SHA1 | 0d8ca2ff1b6a272ebcb32cf2cce567b814a7d150 |
| SHA256 | 415e2ee67dc421b33b955c8dc804d53b5b0e296ebe28dfc5739bea6b3552d792 |
| SHA512 | 388d7b20063880b8cbc70a178e44a4e287a39cb9d2333b36c9f60e281a5d69b97e9e31009512ea53c004ad5e49902b31bf21d46e673e9a0e1d7020bfeae9db7a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-2-12.1719.5328.1.odl
| MD5 | 4684300253b350fc7a09412a96a820bc |
| SHA1 | 68c9430b118b5f68a1b39dae2fd30837cacc02b2 |
| SHA256 | 72268c588d1a9e86a9a45bd2d8dbeaafee53a484d9e06fed2a2735514b7ae32c |
| SHA512 | 5395af07fb77e37dbfe2b01eb1110da419f8aaf86e301ace603c6f0cdc253d83139cbae0d60843a82fd9645ff6fed9ce51a51ad28e60bf60bde2da2f6c801737 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-2-12.1720.5544.1.odl
| MD5 | 553a5fd25fcd7340a3831db04d499165 |
| SHA1 | fa06a4575f6ff7957a0353dbf9803b1055509120 |
| SHA256 | 6237edc9c2a20cd78de0a9d7783bd3632e40c00fad4c0c38b35187e13869ffe9 |
| SHA512 | 4484831590c44acbbb70f3b3395d687a8a828e23443fb757e479759b8a723b9dc06dbc1b46ac6feb35e04343344c49475038c1afa129e46ede6cdc06ee2e25eb |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-2-12.1720.5704.1.odl
| MD5 | e5e83720a3d8e40afc9841cc2e0958c3 |
| SHA1 | 09510b955d7a323d83fcefb54dd8df8b2e2ed8f5 |
| SHA256 | a1b16d25d5246915b74fbe4c7260d82036f2b591059b8faf090610b989026507 |
| SHA512 | 22f592035c85f4f1ab5d72b1def8188022d02d14517c10abf4aab28d47f0ec8727c162006c69fd6ff5835a9ca11a607bb77135be75996724a9a30317d5e22012 |
memory/4040-314-0x000002939F310000-0x000002939F324000-memory.dmp
memory/4040-315-0x00000293A4F50000-0x00000293A4F89000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5f4072f9cb5c0fea4386bcb25e542c59 |
| SHA1 | 5d65568e963288e37927f56cffe172dec835af2f |
| SHA256 | 8bd69f2a0ebd9e98799188288bd8fb10f02ec8497324fe13849a25e6f6a1352b |
| SHA512 | e9a9b055278bace43f42e90ed786170e7ba2192b9f4b3b2f88fca6bc29be23542a61046897777406fe1b6cab69dc9fc2e7e96bc05b1207834b9eaabfed18c442 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 723abb94d27a291559465b3148e7b85b |
| SHA1 | 5208eecd065af551c9ff434ff477f4345e4e2888 |
| SHA256 | fe3e76449148fa2cdc1edc25b3d00cef20fa487d06edbb235354c63b975eb02c |
| SHA512 | 5000de09917f438e6ba974325ec89fda598da88b39084e082d00931d2c58ae8fec07182e3b7c8c2434ac39f0707efe13d196dd15c25bf427e8f7e0a17690087f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 884e8c48b7266c046e67928d92a5a903 |
| SHA1 | 756f607d78ecb7de3ab391aa195468599755e3a9 |
| SHA256 | 93fe1261b3eed660a321581f2da0f76e27d6d4a5f7fb203315895677f6c326fc |
| SHA512 | 44f02d8b91d90cee5ce61380e37faa78f687e4418a9776f75e83ca91c185f68db2d236a05a784b971bdd274126ac596fb09313f937faaac3b17b5a9e4ca16d5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5 |
| SHA1 | 6dd8803e59949c985d6a9df2f26c833041a5178c |
| SHA256 | af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725 |
| SHA512 | b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 69df804d05f8b29a88278b7d582dd279 |
| SHA1 | d9560905612cf656d5dd0e741172fb4cd9c60688 |
| SHA256 | b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608 |
| SHA512 | 0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 226541550a51911c375216f718493f65 |
| SHA1 | f6e608468401f9384cabdef45ca19e2afacc84bd |
| SHA256 | caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5 |
| SHA512 | 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | c813a1b87f1651d642cdcad5fca7a7d8 |
| SHA1 | 0e6628997674a7dfbeb321b59a6e829d0c2f4478 |
| SHA256 | df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3 |
| SHA512 | af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | be8c0b99e1f0ab66ed263e61a4fa04b9 |
| SHA1 | fdfcde3151bfb7ed46a4af7500d466982c7d62ac |
| SHA256 | bc1ab559bbd83ae62c60582b8fce4f61e0d8e47a9c1c142990018c417ffc2f1f |
| SHA512 | 3ce70121de8dbd3fd10ac4322ed3848c36f633fb71c1cb98aa91c6a697db9b3897292532f3407ce8691d317eb0cdee67b654f7ec151911bc09071a3dad8ed4d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | af8cba47ac30300240df925e0729bab0 |
| SHA1 | 36d17cdf066993bca4270300cb4b30b287697688 |
| SHA256 | 73a727f0bbdea805c7e73a36928c4b891d5394ad2f34873094886e39ea7adb3d |
| SHA512 | a7288347e4a391b1709d124fdc9630a23d0cb84f851321840becfb85edfdec436e99e1b1052a4102a86ddcf8ec50e5b7bca3b4f0f5e64026ddba86fac4493d1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 988644ff161fd51cdd9cde09a5fc4a3d |
| SHA1 | a41964637eb2c09d1d7ac278f1aab4518fdf6c60 |
| SHA256 | 70f3063d888629cc91595e4443af4ea93512a2e9ca2ee9acb3c92587044af67d |
| SHA512 | 50103325e88b4f649593923f2ca13938aafbc03f227277a8a0b03c26ff145d6c1f7770f4d4e28b56f7a5c402602d4c4293fd33ad0f848b16a0c13d21626f2823 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d82d69b518461b0a6e324bb7c8ce7dfd |
| SHA1 | 47aaf0b3aab594474dfc058e1a289445b0792618 |
| SHA256 | 12a202476519f980bed42689d91908d9db77d212d2a6a2b4698d8739de99d724 |
| SHA512 | 77d1b5999a5e88f957bd315a58b2526542340eb789795214a44f12b9f2276c49691c0fbea817b9cbe35e4c456a682cab4d406626cae5a1743d040545cc098ad3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb6b2d5a327e12835b95d346772f038e |
| SHA1 | 1fd69697d3a376907ab3c2e040baa2274c4d2e42 |
| SHA256 | d26230f136cbdf2f3efdb1f84078056aad0261ae8f0fc99de4f2b00f4a979dc4 |
| SHA512 | cc729dc89f97efbcc3fd5708a5b8d02eb4f7a55adf0f210efa01c37c2529bfaac43eb574f981b811b5c49c17b72ea1ccf648dc2e2eb0a7282a1b5f1b3c94d2c0 |
C:\Users\Admin\Downloads\Unconfirmed 948639.crdownload
| MD5 | 055d1462f66a350d9886542d4d79bc2b |
| SHA1 | f1086d2f667d807dbb1aa362a7a809ea119f2565 |
| SHA256 | dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0 |
| SHA512 | 2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1 |
C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1f8c9180b54c5842e84afe2227835738 |
| SHA1 | f36ee88d5443163273b1f3bd9f680211e58c5ee5 |
| SHA256 | 4f1b57002971f5ed40df9e6e60db50063ec235725b8a456d087c0344fc2f2e24 |
| SHA512 | 94ae03e18fe08520e06f6c0be39cb3e23a147ca7fd51f2a76799342e6d2e813fac267664084490a778dfef2c1b8836fc1f8e0bdbb9db378d01c0b925c1967a6c |
memory/4788-844-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 564cb9b3139d8ee3f1a6a0d4f5c96840 |
| SHA1 | b7016b4b9b939bdcf163054dccf7ade8776023a0 |
| SHA256 | 88851e3ef611d28ae33d58c83abf494ecc4161761daf77a004756edd273560ff |
| SHA512 | ee0cbcde5af0c9dcd43f82057b6713ab5bc6f300f28ced9ae3953101c9db5c2cfd5824f0fe0870827ace95b2e87b905575fc736fb7c86b1da2ae0ee020e0603d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 69e35fb677fba59e67d34bf3b43e78c2 |
| SHA1 | 6319f8cdf993497ca5ac3cb352f3b02d4651ace8 |
| SHA256 | 0c9b4363a57fa4623ce12c6e70fbc3a991d1d6d738091c69e21f2b301611eed5 |
| SHA512 | 3ba3416d3ac6be1f724eeeab754f337d13307bdee26b300512fdab6aa206fe3421e67af1a7e8399ce260e9975d98d3a8086edc6023c2a60e9012f9643515759b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2c772da15fa527ea7441237100dc6a8f |
| SHA1 | 04a27bdd4c776ed64f8e3885366120bc13d42732 |
| SHA256 | 441908a0fb1cf0fe47a5b55d49addbc3eb94549d4250658455285267de604083 |
| SHA512 | 5dec56ccbe0eae17c41e74f8dd2d4fffee0b7dd8a5ecfaa7c14e608d67ff432d34e2e7061ad96f745ea2da87cc8960e0c7e2624e78b05b258f7ff2e2e05a8da5 |
memory/3348-884-0x0000000000400000-0x000000000056F000-memory.dmp
memory/4788-885-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id-CCC57CCC.[[email protected]].ncov
| MD5 | 28e3cdf6338a9057c533f101b06d4e97 |
| SHA1 | 36e2c1568b281dc4fab759f7d0360e28da307889 |
| SHA256 | c99eb4470de5b3dac67f7366d6dce3a0fa59755cb3045bbb5ec649fefd509799 |
| SHA512 | 937b071e8851606393730ccc576423b614be7c5c24b6e0ff21750d6caacde8276b0c9e992774240980fe9108665342c3792b30276da820d449f4f30d35f6fc8d |
C:\$SysReset\Scratch\csrss.exe
| MD5 | 01cde2d68d2b5b8c5f8eb4e9829d28fc |
| SHA1 | c0fd59fe9ea60d0d28b0cc6cff1baf2abf809979 |
| SHA256 | 2e4f398084f26185b89e9d0cd89f1f0faf603a2f1c44ddca3adef321a15af621 |
| SHA512 | 3eeef8bec1efddc8da2f1a7396a25a2ef304f8cdc0fbbe1adb80abc3223387e283816713a968e532b30e68564570e58362823a34212f897f746c449fb1680a64 |
memory/4788-4447-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 642874f824100d84d037926b02c3fe68 |
| SHA1 | 2beba59391fc6ad027b64a7fd10da1b0d8708d49 |
| SHA256 | 02ef7af86755ebff328b34443e6b5677eedef04830549add82994a80a33f33b5 |
| SHA512 | f5e33170278d3e9282169f96eff5677a3745a0914b67f90669fda85602ec7f1f60ca47fbdbba48d2088c51c552479fd96f073a80506a3475f7abfa8067821d85 |
memory/3348-5915-0x0000000000400000-0x000000000056F000-memory.dmp
memory/3348-6366-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ce94a6f79da65bd28d39a330b172d936 |
| SHA1 | 0e4e53f3b85c70107df6c306127fda2fe7769ad8 |
| SHA256 | 9983618a4c14f4162db881f6e0946f2f033995300f4c1f686ca7de6534f38df6 |
| SHA512 | 44bc161e8ce927951c375e4700e0b5e315c3159da4c7c9f6fcda545e5ea4b84587d10e75cbe60b15dc58291fe01df0a1f0c75cfebad652273a8faab7c1d2ce1c |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\TileCache_100_4_PNGEncoded_Header.bin
| MD5 | e37cc9ac43370003c4fe9247f9590412 |
| SHA1 | 42c37ccf65089eb15522fb9dc11d2240e4bcb4ac |
| SHA256 | a54530de01845ff4fb6801caa4938319c84e27a0d3f9aa9862271cc80d9d6271 |
| SHA512 | 5457d6dd8f316f8d0a9a05153f013f167de38ff2ccb42834c58d80ad539b08222303628c6b100c50b01c6f3b78da80703012d8e64feca6825c96148d9937594d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3b7c94e9dd724dc050d20b46525b4075 |
| SHA1 | 98c3f8a3ce4272a6757ac799e2e31449687cf16b |
| SHA256 | b5be08c96b670f4359fd1f6dacca618c0e41ff64ef89561b2ac5c5aff05ea67e |
| SHA512 | dbb29df06f10cb1ad24f31dd49ff7d6740b90bcf26fa708267432912328eb90a3f8ea88710e16fb5f51374a06c4ebc36a73e79d099b8980b797a8aab4165b1d2 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | e291f261bd904122cf2e9337aa8be409 |
| SHA1 | 9d44e4bb3060f27d9a1c56189fa91e00a5092d00 |
| SHA256 | 6691fcea96b36c1332925be743f8f1c1beb6ebbc13097ad50c97892e885259af |
| SHA512 | a2528d8bbe6dcde12b40c977e627a169989a48912c27f57ce295d299b15cfee0d62e7c973637f2adee96b93e3401d0fde1e3bbb035060bc1cb16ee2fc5ed8255 |
memory/4040-22459-0x00000293A4F50000-0x00000293A4F89000-memory.dmp
memory/4040-23676-0x00000293A4F50000-0x00000293A4F89000-memory.dmp
memory/4040-23675-0x000002939F310000-0x000002939F324000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 97b8227333fdf2d09dc53b443f771ddb |
| SHA1 | 43f3a03e865bebb9204f4b78bb3807e86dae7f68 |
| SHA256 | 7aa9926c82e8dcbb08917af7640132c8c9ccc0184c8276afe0301891124ee0fa |
| SHA512 | 6e943abb1171515e5ca8c0ef2cb3c7e330b397b15d97e566cb5caea041e0abcf5bfda9670793b0db7b7eb0c82f7606e4cb082945ad5bded5280145970d5f49fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL
| MD5 | 577df44ee9d2f7eb9d1a5de4bff4b51f |
| SHA1 | b962cac93b5edc0248b48787fadd70b1aac1adf2 |
| SHA256 | 4e252494d6d03a67ad7fb0f7dfd9efb012f3918a43734670538670e7b422fb6d |
| SHA512 | 842e13cb67ad149606d44203c4fc04ea4c4615124619a322596dad5fa9829d0ab3e303eb5941111bebbaeb7da9273a6009dd491d71d6a9aa6d8da076855b427b |
memory/21320-26973-0x0000000000400000-0x000000000056F000-memory.dmp
memory/21384-26976-0x0000000000400000-0x000000000056F000-memory.dmp
memory/21288-26977-0x0000000000400000-0x000000000056F000-memory.dmp
memory/21288-26979-0x0000000000400000-0x000000000056F000-memory.dmp
memory/21320-26980-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 41090f879e1f0b9ba128344150edb856 |
| SHA1 | 0ae4c3276bd93046a7ca759e3e26f8a5a5421a5d |
| SHA256 | e58dd580f375c541d1c5e7fe3127bcc9f1bb5e6d91f773a75fd14cf7c875a780 |
| SHA512 | b9f9a4d7584baa8c5ad800aedc2d5c54dd6ca963b68530d1af033e43d5ce74a8d594d36f7f74fe33b0d69a82204d88736c016457d68e59824129950f40bdbcae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe5cebfe.TMP
| MD5 | 4afa85bbdcc427b305662755ed36154e |
| SHA1 | 76e864e496f632272225b51b5fe4f875e0fcc497 |
| SHA256 | 1b324e339f21f13db14addd70ef423ba86d853e2439998a1ce7fff260cdac576 |
| SHA512 | 22e80f67ba230da95e5a93a5ac118b38665205b268e20f413274e25b5e3dc79428997a7a281675986dafd05b5862b2e7a182347d75af222dda633778580fad15 |
memory/21320-26990-0x0000000000400000-0x000000000056F000-memory.dmp
memory/21384-26991-0x0000000000400000-0x000000000056F000-memory.dmp
memory/21384-26993-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 220525.crdownload
| MD5 | b805db8f6a84475ef76b795b0d1ed6ae |
| SHA1 | 7711cb4873e58b7adcf2a2b047b090e78d10c75b |
| SHA256 | f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf |
| SHA512 | 62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0a40b6125840ea875a799e9b839f7c7b |
| SHA1 | a87100813d291b479ba1429e11f0250909ad0a74 |
| SHA256 | 649e2a1886524b6ff0cf25d63d0501b879279dec1d6a24b0ca60f50882881859 |
| SHA512 | 0d3da79f6900edd906534471172cdd245469ed3e8f59adc0ca7fcbd93b2d3747ecccf7c35267d823c919abffeb5d4390b1735eceb0ecdeb92eb8072dd4e9004a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5d258c.TMP
| MD5 | 2977bca6ab87dcc843abd5eb64f87960 |
| SHA1 | bbcfbc154a4255db83a3463c5b8fbf803726dfde |
| SHA256 | 30372e6efc8934d27d2b72f4a114548528702131d4c8fe6cfaeb6e8e60ef5d31 |
| SHA512 | a61b54c7b370b0b07077fc1da47e30f68db79e07a59661a389354a9bc56263b419258849edf72a5385c88afce1efe25da087c22b2372f1c826b881cfc39cedca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 04059e89c04abfea8ac00b5989479bf2 |
| SHA1 | dfb27bf29d5c2793fa27b48b1a6203de88fa2e25 |
| SHA256 | df69d4c2f8c4458a348ef90607df68fc3f38e30fbb53d5a3a15b5bb7e8c62b9c |
| SHA512 | 834db2e8791c36519f62c56fba330c9ed176c2cd933dfed3f703cfe306a979abf89c50176243c8e6be61711c4718e851304cc85d31ec24bc4a196e6efb3e399a |
memory/22256-27033-0x0000000000500000-0x000000000053C000-memory.dmp
memory/22256-27034-0x0000000004F40000-0x0000000004FDC000-memory.dmp
memory/22256-27038-0x0000000005590000-0x0000000005B36000-memory.dmp
memory/22256-27039-0x0000000004FE0000-0x0000000005072000-memory.dmp
memory/22256-27040-0x0000000004EA0000-0x0000000004EAA000-memory.dmp
memory/22256-27041-0x0000000005170000-0x00000000051C6000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB
| MD5 | 09b4caa2cc38d7284a48f5f122cc4ae4 |
| SHA1 | 2fa2887cb4b1edc397066ef1c13bc4d35fc93fb5 |
| SHA256 | beb72c6224b010d509e76fd6faeec0f783746e9913506b040a994332a9aa6773 |
| SHA512 | 76cc7251d5f3060804864b598db412e140b8495444d22e3e55cc5c38c6a375805d31ff1e62571848e517f66f8a4a5ebb1622017dfe9b09946a5faa1995c6fa17 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB
| MD5 | fe36431bb2782b6a8e4274edab07dd3c |
| SHA1 | d937632abffae4fa385270e8546e66f6e07c2809 |
| SHA256 | 94361e5c0d71291c2f6913d17057c7e7a351569c3a915438d37a16345feadf41 |
| SHA512 | 9b6876850e6ce2ac838ead7f1c33bdb21f973ef3f8806b8c576117136bbe5c6832ddca155849c64682d5301e62f0fe5926870e5c4322a65b9ed73d246e7b5144 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a3797b5ca7ddf6665e6326eb8c8658a9 |
| SHA1 | 47236d41556fb9204cedf9bb649f4ca421595dfc |
| SHA256 | 1c7bb418d02bcc308c29b76195e1d49b91ef5429bd1601c21501d13754e8ff65 |
| SHA512 | 72d377516c54a4d7931cb91c178c80804484b1e2bdb2b80a8c732478241ef8153ced9aa5bacfaf6a0a1511c576279fd1ade085ece00f930602aa08b0627c3a6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f384bb1195d6207eebeb230d17339d97 |
| SHA1 | e45563d73a779a2827fd602a7812be390b1cadfd |
| SHA256 | 3fe3a9b6844d97fa0852f822049b42942011e60eba84b075e5f4c36ca166b438 |
| SHA512 | f60ae50a60f2e2e9321fd635d51e66b07f78e272d51f913b2817a2de994c05dbff1cafc245378fdd6d9373037715f9d3f746a216e49b34b2374d81896dee3ff2 |
C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\EdgeWebView.dat.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB
| MD5 | dae28a2f6c8b2d1f1a471d3c5bfb4e2a |
| SHA1 | e6c6f423aa353728fbbac2a4ececd0b512d5126a |
| SHA256 | a492fcad1b9bcbd4d1f57b244184c0003feda0c4e036e68569d9ed980873b91e |
| SHA512 | f8369dde274ce930a6d17ea77fd9333dc716eb2b7817a78f5124a39cb719b3ef27498570d09a4cc0a831b08a8ff32b9fba837df219f0c0ab81627dce3ac4070b |
C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\mip_protection_sdk.dll.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB
| MD5 | 2b81a0020eabe1e4401525e2e9061e31 |
| SHA1 | 5296c078df80ae2df8e12f1953c01db24f2805e9 |
| SHA256 | 95fed1d59419efd33d3bcd50f42c8b19393f8ffe46d1020c6efbfd7e18fee377 |
| SHA512 | 9c924eb0464af630085d35534e1d057980ab6edbfcdd96d7773f793540123c75a58e80635fafe42c31245fbc78d7dff3b0897cf6fe41e5328d22d220d534d9fa |
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\delegatedWebFeatures.sccd.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB
| MD5 | e76e8d5cc83e578a4a56421b416cbf24 |
| SHA1 | c9c6c1b617ba4c69d29c86c262edf551ec2a8941 |
| SHA256 | a1d0f6d156066c21aacedbd9ac137f90e6218ff8ae36d47d513bb77cba3e0b8e |
| SHA512 | 99100a77b94e063ca89c2b8f896ba775bb24a24d29bff23832cd6f872ced1242e6c8f2c70ec61b9c20ad24669ddf5eadc8745a37183d73d983426820369be9a0 |
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\dxcompiler.dll.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB
| MD5 | 5584843f6126d1f926b229c3083fbce2 |
| SHA1 | 53e6974a40f3ad04b5421dd56d06dddc3bfa336d |
| SHA256 | 25a2ae664ae72ca8a7a85f7ba634d4bccb5f9405983f6362cd87b31364b1785d |
| SHA512 | 426dfe8ef175dfc9428150ba45660c3a6ecca55d277ba5284b5a10609de0b68eefa0ef581e5cf27c3ce9fa9c4ed6256d0887aa7fa1ceb5c4fe70b044f0223cce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 09e29877104132a6b3bc83c50bb84337 |
| SHA1 | 31110cda8ca4cd87198522ffeeab333df05119e6 |
| SHA256 | 158a34dc070b66648b07e7a27aaa9764444c5e812a09b9310422b93653333c22 |
| SHA512 | 98d309767019d24c56929e404863f743613519b000f6c9cb9632966cb29a4532f7ffc32570921752043374f79c5331a0c53cfac1731dbb6883c876ec7e732921 |
memory/10704-30539-0x0000000006010000-0x0000000006076000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 496a49deec71777dd471dff13131fa3c |
| SHA1 | 2b596c8adac957891d3e137b69aaad668b16081c |
| SHA256 | 3f2470fa6dd6f3e51529fb0af02b5dad2c14177b82603cf40ca90e825f110a05 |
| SHA512 | 1c84928c09e3f79dadd25c237bf08c3222256e8f10719f74da9cd59422103c52a74f47994231e147965af58c262e156ba9795c3b4c8ec85d77b901cc87e324d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5dcc2c.TMP
| MD5 | 013f23e165dc746df4117cce2a80b915 |
| SHA1 | e0aca62e43779b1eb1c03e19cd421de6e500ba3b |
| SHA256 | 9b8e0e713734a294edaeb523397f1be4ff49f589325ec6564514b35f6eaaa8bf |
| SHA512 | 95ae7ef2d5bc31d298b9c27a8899b77d5b04714a06a3de2068ede600d21a0194b106213abad1a72a80b87917e7b52641ee7c99978eadb2c891b4f65523b3322c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c7fe141d3f63e532e46160f0e25290f7 |
| SHA1 | e6d2fa6f3684ea029999da5ccf294d1ac068652f |
| SHA256 | f988e5c19745d5e5fc6b66f6f7dcf728c092748627df26fdaae05c023114ffd8 |
| SHA512 | b945ca949601b15048bee6bb4f85a7d5718b1d3bb7e23d0c19e642e9d11ed500637634f1ab0424b89dbb15bdf43a694cea222658b458830c95357664e41fe284 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4cd9a4d65ba2a9217a257c13735df704 |
| SHA1 | 57fbb16ab8b331b12d1d479e403b13498e887d1d |
| SHA256 | 6c7a4ef022c86494d7ad2e185045d3f91a537dc12e9ad7c8a33b77fc14fd5264 |
| SHA512 | d7ea3eb9902685d16d9c17acbff432869fd383d0fc847ce7dc4ca20520aa6593a5d40f5a80443f4e479b1d370e4f3310570a5cc712b4f0fcdb778fbb74d08306 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5d3f23b9bc1c7129df5d75ba8c0cbe39 |
| SHA1 | 5954e0eaa655c165e75c36305a73ec7877d553dc |
| SHA256 | c2dd06e872664e351c21f66228aaea46021cb8260ab3dc1f81b71dc951bb11d6 |
| SHA512 | f16374361ea38b0be68e0942ff8fc4b5e1264f6c38663c040d0ae76dccc439d4f39b552eded9c6c48346e47154d99f8bd3d02173d16f0803aea8953239b64f2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e7bab46c452d4c393c44e23d7ced8505 |
| SHA1 | 69cfe4bb2fcda0ed91b5fb963f0661454c01b6d5 |
| SHA256 | a25ad1d46b3d45503e5a3320a50e85b35a4cd90ab930acaccae468193049ec82 |
| SHA512 | a083773989fcfb2d183b0b5f33aa50064b7bbfb39d8efa9cc9c7115f979fa0f7c1b810e4084d3548e36aa7c375745f6e415937d14947b30386c573cdce9af8ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RFe5df32d.TMP
| MD5 | c5726913b314bd58e932ebff8bbde88b |
| SHA1 | 55eb5fe51ff4ea5676ce9bd0791b1f6aab79f8aa |
| SHA256 | 9a9addb0564e5b6d26f00eba25a2ef58c9cbdd62e45539015e227aa95377d0fd |
| SHA512 | d5c852eaed19f8ece5e289c50f429b68e1a8d2df632be4ab3026ec5bbaa632405c4d46b66e5d58e619225aca211a024dc41a6d17c468678852c7bc248d2989aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 90f14987521c98202c54293ff6fada57 |
| SHA1 | b8af06e93feda9ff4f8401618c7ee7080127065c |
| SHA256 | dbf784aa0804500c7e8e2333d5304f96d3a67547cd3c17c5cdde3b5bac8da7da |
| SHA512 | 435cc656cfaf067e437f36d0f9dda2c3b0fe08756631a98086060746031066ad48228a4022981857c37deed3aca8d2866a6b975449c5c38ce10c528be722117c |
C:\Users\Admin\Downloads\Unconfirmed 981259.crdownload
| MD5 | 9c3e9e30d51489a891513e8a14d931e4 |
| SHA1 | 4e5a5898389eef8f464dee04a74f3b5c217b7176 |
| SHA256 | f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8 |
| SHA512 | bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 71db135b4cfcf7c182d4537a305812e5 |
| SHA1 | 54581df1ff43a4df38fad70e15493114c5839b2f |
| SHA256 | e34d95202c662551c2cd889c9038e596ae07c6e8925e481989bf9f4d3c00bc0e |
| SHA512 | 13f87ae65e353f0bf27183aeab802dea24758a122a691ca2aee516ce91874d210e2132b53cd9eb3b780296a0ddfc7e43016a5680eb8099fd0ff40ef37b87fb90 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
| MD5 | 8cdc9b058214ca4835de428d9f0eebd1 |
| SHA1 | 51c9b065bc8216de7a5ca8b095bb23975d4472fb |
| SHA256 | ab8ec7eec7a3897446e744346edf97a29db9e97533dfdb59e6ad3a3dc0fe3f3b |