Malware Analysis Report

2025-03-14 23:58

Sample ID 250212-vrr7ms1kbv
Target beast-max
SHA256 b0f9747074a79d49c856ee69096fae7032540c0835aa31d403bdc6c40c2ffaf7
Tags
dharma infinitylock wannacry adware aspackv2 credential_access defense_evasion discovery execution impact persistence privilege_escalation ransomware spyware stealer worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b0f9747074a79d49c856ee69096fae7032540c0835aa31d403bdc6c40c2ffaf7

Threat Level: Known bad

The file beast-max was found to be: Known bad.

Malicious Activity Summary

Dharma family

Infinitylock family

Wannacry

InfinityLock Ransomware

Dharma

Wannacry family

Renames multiple (678) files with added filename extension

Deletes shadow copies

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Credentials from Password Stores: Windows Credential Manager

Event Triggered Execution: Component Object Model Hijacking

ASPack v2.12-2.42

Drops startup file

Executes dropped EXE

Reads user/profile data of web browsers

Deletes itself

Loads dropped DLL

Enumerates connected drives

Drops desktop.ini file(s)

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Installs/modifies Browser Helper Object

Adds Run key to start application

Sets desktop wallpaper using registry

Drops file in System32 directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Modifies Internet Explorer settings

Uses Volume Shadow Copy WMI provider

Suspicious use of SetWindowsHookEx

Kills process with taskkill

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

NTFS ADS

Uses Volume Shadow Copy service COM API

System policy modification

Interacts with shadow copies

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-12 17:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-12 17:13

Reported

2025-02-12 17:32

Platform

win11-20250211-en

Max time kernel

900s

Max time network

900s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\beast-max.html

Signatures

Dharma

ransomware dharma

Dharma family

dharma

InfinityLock Ransomware

ransomware infinitylock

Infinitylock family

infinitylock

Wannacry

ransomware worm wannacry

Wannacry family

wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Renames multiple (678) files with added filename extension

ransomware

Boot or Logon Autostart Execution: Active Setup

persistence

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A

ASPack v2.12-2.42

aspackv2

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A

Drops startup file

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDBE42.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDBE3B.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Popup (1).exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\WannaCry.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | N/A | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CoronaVirus.exe = "C:\\Windows\\System32\\CoronaVirus.exe" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Windows\System32\Info.hta = "mshta.exe \"C:\\Windows\\System32\\Info.hta\"" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Roaming\Info.hta = "mshta.exe \"C:\\Users\\Admin\\AppData\\Roaming\\Info.hta\"" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" | C:\Users\Admin\Downloads\WannaCry.exe | N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-1008898722-3518013580-3694625758-1000\desktop.ini | C:\Windows\explorer.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Public\AccountPictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Public\Libraries\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\$Recycle.Bin\S-1-5-21-1008898722-3518013580-3694625758-1000\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Windows\explorer.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\F: | C:\Windows\system32\SystemSettingsAdminFlows.exe | N/A
File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A
File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A

Installs/modifies Browser Helper Object

stealer adware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\System32\CoronaVirus.exe | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File created | C:\Windows\System32\Info.hta | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe | N/A

Sets desktop wallpaper using registry

ransomware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_move_18.svg.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\ui-strings.js | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\cstm_brand_preview.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File created | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\MSFT_PackageManagementSource.strings.psd1.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\resources.pri | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_cy.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib\warn\warnDeprecations.js | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ONNXRuntime-0.5.X.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateCore.exe.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedge.exe.sig.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\d3dcompiler_47.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons_fw.png.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\glass.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-lightunplated_contrast-black.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\js\plugin.js.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.ExcelAddIn.dll.id-CCC57CCC.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A
File opened for modification C:\Program Files\Windows Media Player\Skins\Revert.wmz C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-cn\ui-strings.js.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSmallTile.scale-125.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected].[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main.css.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\uk-ua\ui-strings.js.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\paintpicture.targetsize-48.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsSmallTile.scale-100_contrast-white.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pt-br\ui-strings.js C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\iw_get.svg.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\IEAWSDC.DLL.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OcHelperResource.dll.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WeatherAppList.targetsize-60_altform-unplated_contrast-black.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-60_altform-lightunplated_contrast-black.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.MsoInterop.dll.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\db2v0801.xsl.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-72.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_tr_135x40.svg.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-down_32.svg.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-125.png C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef.css.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\v8_context_snapshot.bin.id-CCC57CCC.[[email protected]].ncov C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\text.cur C:\Users\Admin\Downloads\CoronaVirus.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\main.css.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md C:\Users\Admin\Downloads\CoronaVirus.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Popup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Popup (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Popup (1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\CoronaVirus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\InfinityCrypt.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A
N/A N/A C:\Windows\system32\vssadmin.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133838546753787792" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\ = "Microsoft Edge PDF Document" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.svg C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.mhtml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win64 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\EnablePreviewHandler = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\PersistedTitleBarData\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe! = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/svg+xml\Extension = ".svg" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\URL Protocol C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.mht C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ = "{2397ECFE-3237-400F-AE51-62B25B3F15B5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/svg+xml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LoadUserSettings = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\runas C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\ = "Microsoft Edge MHT Document" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\ = "TypeLib for Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\runas C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithProgIds\MSEdgeMHT C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xht C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xht\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\EnablePreviewHandler = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 269127.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Popup (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\BonziBUDDY!!!!!!.txt:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 981259.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Popup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A
N/A N/A C:\Users\Admin\Downloads\CoronaVirus.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2768 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2768 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\beast-max.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff814e73cb8,0x7ff814e73cc8,0x7ff814e73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping …-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczOTI5NDgzNCIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNzY2NTUyNTM3MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4MTA2Nzk5ODIiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5468 /prefetch:2

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffdd8cc40,0x7ffffdd8cc4c,0x7ffffdd8cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1740,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=2060 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=2224 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4316,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4312 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4596 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4804 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4660,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8

C:\Users\Admin\Downloads\CoronaVirus.exe

"C:\Users\Admin\Downloads\CoronaVirus.exe"

C:\Users\Admin\Downloads\CoronaVirus.exe

"C:\Users\Admin\Downloads\CoronaVirus.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\mode.com

mode con cp select=1251

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\System32\mshta.exe

"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"

C:\Windows\system32\mode.com

mode con cp select=1251

C:\Windows\System32\mshta.exe

"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Users\Admin\Downloads\CoronaVirus.exe

"C:\Users\Admin\Downloads\CoronaVirus.exe"

C:\Users\Admin\Downloads\CoronaVirus.exe

"C:\Users\Admin\Downloads\CoronaVirus.exe"

C:\Users\Admin\Downloads\CoronaVirus.exe

"C:\Users\Admin\Downloads\CoronaVirus.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\daf9868343aa4e3ca5ce60ff18780e2d /t 20860 /p 20856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:8

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4912,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4896 /prefetch:8

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5220,i,415227965014786706,13408309380511416591,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5188 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 /prefetch:8

C:\Users\Admin\Downloads\Popup (1).exe

"C:\Users\Admin\Downloads\Popup (1).exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\MicrosoftEdge_X64_133.0.3065.59.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff61f816a68,0x7ff61f816a74,0x7ff61f816a80

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E31589FD-17F9-420B-ACC0-1F82CCDA6588}\EDGEMITMP_79535.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff61f816a68,0x7ff61f816a74,0x7ff61f816a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff685cb6a68,0x7ff685cb6a74,0x7ff685cb6a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff685cb6a68,0x7ff685cb6a74,0x7ff685cb6a80

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7408 /prefetch:8

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 189401739381176.bat

C:\Windows\SysWOW64\cscript.exe

cscript //nologo c.vbs

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe f

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im MSExchange*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im Microsoft.Exchange.*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlserver.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlwriter.exe

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe c

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b !WannaDecryptor!.exe v

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe v

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff814e73cb8,0x7ff814e73cc8,0x7ff814e73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff814e73cb8,0x7ff814e73cc8,0x7ff814e73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.btcfrog.com/qr/bitcoinPNG.php?address=15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff814e73cb8,0x7ff814e73cc8,0x7ff814e73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,11542973097016705326,17701182153711411992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BonziBUDDY!!!!!!.txt

Network

Files


MD5 2b81a0020eabe1e4401525e2e9061e31
SHA1 5296c078df80ae2df8e12f1953c01db24f2805e9
SHA256 95fed1d59419efd33d3bcd50f42c8b19393f8ffe46d1020c6efbfd7e18fee377
SHA512 9c924eb0464af630085d35534e1d057980ab6edbfcdd96d7773f793540123c75a58e80635fafe42c31245fbc78d7dff3b0897cf6fe41e5328d22d220d534d9fa

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\delegatedWebFeatures.sccd.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB

MD5 e76e8d5cc83e578a4a56421b416cbf24
SHA1 c9c6c1b617ba4c69d29c86c262edf551ec2a8941
SHA256 a1d0f6d156066c21aacedbd9ac137f90e6218ff8ae36d47d513bb77cba3e0b8e
SHA512 99100a77b94e063ca89c2b8f896ba775bb24a24d29bff23832cd6f872ced1242e6c8f2c70ec61b9c20ad24669ddf5eadc8745a37183d73d983426820369be9a0

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\dxcompiler.dll.id-CCC57CCC.[[email protected]].ncov.C199FCF5F6DDD378FA92DB9587BE1F854D8AC48DFBF581FF43280C45BD9A85BB

MD5 5584843f6126d1f926b229c3083fbce2
SHA1 53e6974a40f3ad04b5421dd56d06dddc3bfa336d
SHA256 25a2ae664ae72ca8a7a85f7ba634d4bccb5f9405983f6362cd87b31364b1785d
SHA512 426dfe8ef175dfc9428150ba45660c3a6ecca55d277ba5284b5a10609de0b68eefa0ef581e5cf27c3ce9fa9c4ed6256d0887aa7fa1ceb5c4fe70b044f0223cce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 09e29877104132a6b3bc83c50bb84337
SHA1 31110cda8ca4cd87198522ffeeab333df05119e6
SHA256 158a34dc070b66648b07e7a27aaa9764444c5e812a09b9310422b93653333c22
SHA512 98d309767019d24c56929e404863f743613519b000f6c9cb9632966cb29a4532f7ffc32570921752043374f79c5331a0c53cfac1731dbb6883c876ec7e732921

memory/10704-30539-0x0000000006010000-0x0000000006076000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 496a49deec71777dd471dff13131fa3c
SHA1 2b596c8adac957891d3e137b69aaad668b16081c
SHA256 3f2470fa6dd6f3e51529fb0af02b5dad2c14177b82603cf40ca90e825f110a05
SHA512 1c84928c09e3f79dadd25c237bf08c3222256e8f10719f74da9cd59422103c52a74f47994231e147965af58c262e156ba9795c3b4c8ec85d77b901cc87e324d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5dcc2c.TMP

MD5 013f23e165dc746df4117cce2a80b915
SHA1 e0aca62e43779b1eb1c03e19cd421de6e500ba3b
SHA256 9b8e0e713734a294edaeb523397f1be4ff49f589325ec6564514b35f6eaaa8bf
SHA512 95ae7ef2d5bc31d298b9c27a8899b77d5b04714a06a3de2068ede600d21a0194b106213abad1a72a80b87917e7b52641ee7c99978eadb2c891b4f65523b3322c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7fe141d3f63e532e46160f0e25290f7
SHA1 e6d2fa6f3684ea029999da5ccf294d1ac068652f
SHA256 f988e5c19745d5e5fc6b66f6f7dcf728c092748627df26fdaae05c023114ffd8
SHA512 b945ca949601b15048bee6bb4f85a7d5718b1d3bb7e23d0c19e642e9d11ed500637634f1ab0424b89dbb15bdf43a694cea222658b458830c95357664e41fe284

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4cd9a4d65ba2a9217a257c13735df704
SHA1 57fbb16ab8b331b12d1d479e403b13498e887d1d
SHA256 6c7a4ef022c86494d7ad2e185045d3f91a537dc12e9ad7c8a33b77fc14fd5264
SHA512 d7ea3eb9902685d16d9c17acbff432869fd383d0fc847ce7dc4ca20520aa6593a5d40f5a80443f4e479b1d370e4f3310570a5cc712b4f0fcdb778fbb74d08306

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5d3f23b9bc1c7129df5d75ba8c0cbe39
SHA1 5954e0eaa655c165e75c36305a73ec7877d553dc
SHA256 c2dd06e872664e351c21f66228aaea46021cb8260ab3dc1f81b71dc951bb11d6
SHA512 f16374361ea38b0be68e0942ff8fc4b5e1264f6c38663c040d0ae76dccc439d4f39b552eded9c6c48346e47154d99f8bd3d02173d16f0803aea8953239b64f2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7bab46c452d4c393c44e23d7ced8505
SHA1 69cfe4bb2fcda0ed91b5fb963f0661454c01b6d5
SHA256 a25ad1d46b3d45503e5a3320a50e85b35a4cd90ab930acaccae468193049ec82
SHA512 a083773989fcfb2d183b0b5f33aa50064b7bbfb39d8efa9cc9c7115f979fa0f7c1b810e4084d3548e36aa7c375745f6e415937d14947b30386c573cdce9af8ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RFe5df32d.TMP

MD5 c5726913b314bd58e932ebff8bbde88b
SHA1 55eb5fe51ff4ea5676ce9bd0791b1f6aab79f8aa
SHA256 9a9addb0564e5b6d26f00eba25a2ef58c9cbdd62e45539015e227aa95377d0fd
SHA512 d5c852eaed19f8ece5e289c50f429b68e1a8d2df632be4ab3026ec5bbaa632405c4d46b66e5d58e619225aca211a024dc41a6d17c468678852c7bc248d2989aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 90f14987521c98202c54293ff6fada57
SHA1 b8af06e93feda9ff4f8401618c7ee7080127065c
SHA256 dbf784aa0804500c7e8e2333d5304f96d3a67547cd3c17c5cdde3b5bac8da7da
SHA512 435cc656cfaf067e437f36d0f9dda2c3b0fe08756631a98086060746031066ad48228a4022981857c37deed3aca8d2866a6b975449c5c38ce10c528be722117c

C:\Users\Admin\Downloads\Unconfirmed 981259.crdownload

MD5 9c3e9e30d51489a891513e8a14d931e4
SHA1 4e5a5898389eef8f464dee04a74f3b5c217b7176
SHA256 f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8
SHA512 bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 71db135b4cfcf7c182d4537a305812e5
SHA1 54581df1ff43a4df38fad70e15493114c5839b2f
SHA256 e34d95202c662551c2cd889c9038e596ae07c6e8925e481989bf9f4d3c00bc0e
SHA512 13f87ae65e353f0bf27183aeab802dea24758a122a691ca2aee516ce91874d210e2132b53cd9eb3b780296a0ddfc7e43016a5680eb8099fd0ff40ef37b87fb90

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms

MD5 8cdc9b058214ca4835de428d9f0eebd1
SHA1 51c9b065bc8216de7a5ca8b095bb23975d4472fb
SHA256 ab8ec7eec7a3897446e744346edf97a29db9e97533dfdb59e6ad3a3dc0fe3f3b
SHA512 750fb0409f6085a4758e647387bd21a44dd4973c2780d6269c3c95a03cb7a04ed516632fa2fc9ffaf34b7682b101a091855d8f1f1b00747202f3e861fc9a7560

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cafa86d843ce7973a9b337cc80cbee05
SHA1 2cbbec775d1d065bc454a347bdb6b5abf2a97c8d
SHA256 26e2c77ed01ce59267ea61a38086ce53b047b37925d5978c12dc558cc6a4ae64
SHA512 7f45c76b212aa4aba4e9021e78ba9128ab01dd25d938db0aeefb92a3cfed65dbe23f42714b42bb29aec7a6222b3fdd1e2190539bf7ea18595a8f3e41ded3ecee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 76bb63069169b6a21c02ea79a31972ef
SHA1 a1e849858de4c917b9c623a9c772968175efc4a9
SHA256 1f9ae4ff15a2877acc12f9cb0e2f9d4dc1b764852cc355282c95d9549fb4d0a7
SHA512 ac4cfc9887a3875b0f4ee414ccec4b1a3b410e12661d7490943450f7d555d2ee132769d39260ddfe5456d211096c24e0cc4a46353c60c7da7d2bb1e69a57af47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5f3c9c1c9fca83e48556673ba5575279
SHA1 bc4d35a1d6b3623418d1559887ace3f0b410e78e
SHA256 9da7674c49394beedebfe5906736cc14422133f0326790833ae1f14e20f5eb14
SHA512 beb9d60a1e0c74cbe81915c699c39285209777fbdd1d523b3b5c40ab680074bf77da4087619009389a946a4e4ab6c0d15474f1c058ecf9cd57dbb574f3eb188f

memory/20492-31143-0x0000000000400000-0x00000000004DF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 def3b016b439642351319b27e74d23cd
SHA1 3a2ab168dcd6b9587bd9e96580444aeafa5fd159
SHA256 ef34c9410c03f68683a931da73535987f25062226be6bc38d76351f064956aba
SHA512 3cfbb24875a9073df823acedc7bb07de5585a32d59afb8d7b4713675a8b12c9a192bea68ed98ffd4475d0ff27cb28e03fbe484415d0fe3fb9aa36a7a27ea312a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e8ab33525daf97cccf3c1ebde728097e
SHA1 827f12e176cf53dbcf7764412fc0e33d66e6b091
SHA256 52473f0baca50b0ddfe1de3c61a369fdfcccfc33ce53364452e3d3289e8f414e
SHA512 89a03d7274e4a8158849297496cdb8f1906cd593b7cb55935b9a09a07832dd2f43476cb9737810637f7273f8ca241ab4aadbbcf52f5c79f710ebe63d5fd74d12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 890616fda83745474bd62643f06e12ab
SHA1 45dca47664b6b67dad27eb64108640d67a234666
SHA256 5bc741fc9c2853a141413b5bec26a0cc6e52b094f913031053a864019d20b54f
SHA512 cc5860e4c7c4959d8a537b25d00b18cfba15c8ea5ec707a2540370f0dc36d0e7361cc6487dcfbd0e92a9080a0261b3e8084a9ade4d16d1d2a6826ad97b166718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f4fc84c27b099ed731c6bc22b37a2f51
SHA1 7341f19a2e2556ade542517d31551e88f243e093
SHA256 84f129b15d941b44494bef5ae142f410ed24a739e877591f0b8739af6adcbd3b
SHA512 ada492a3be3d252c14d73c6277b61984f38595d3645ed0f74bba7d20a9bf290d2ed4a234b5594b6f87bbffe7ee08080d37bfc1f81a156b9c5d5f2181e5702779

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d420503319ea56b43502672e42fc7b1
SHA1 087bc4e5ef2f0bd8e880a7c6480ff17f67078048
SHA256 30e82668d398fd6915592f7a72649c7312e8f7e7ceef69bff51741d251445b74
SHA512 517ff160aedbc303c618579ebf0c654bdb1f776441aa38b67802c901d5177420aef0608a891c846898be906c8bf6717089e85a8bd03a93cd113fc91f1b2f850a

C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Installer\setup.exe

MD5 1b3e9c59f9c7a134ec630ada1eb76a39
SHA1 a7e831d392e99f3d37847dcc561dd2e017065439
SHA256 ce78ccfb0c9cdb06ea61116bc57e50690650b6b5cf37c1aebfb30c19458ee4ae
SHA512 c0e50410dc92d80ff7bc854907774fc551564e078a8d38ca6421f15cea50282c25efac4f357b52b066c4371f9b8d4900fa8122dd80ab06ecbd851c6e049f7a3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 65f0044af468294eae49041aac16f47d
SHA1 305c74890f979eccd0e88294d4d7998b8f879235
SHA256 819b8f737ae54271b55822eaaac9f3eddb36519c414a3cc18b47140fe585ea76
SHA512 fec53c5f3c97f2a9ea0487990b94fbbdcbef37ea381dbaf66cddbd006ec72dfd2dbe05fd6a375456ef662c28dd831afeb1535cf29d2ed889a27afd3ca213762b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c2ae6ca020a56b0c3242c31236abc460
SHA1 0f58dd25876e23053c9401a84edc2d02aeef9131
SHA256 bb813ea686d329b782003c01a592e1e91529f9c60a1a230754ee64bc77dd1d0e
SHA512 89cd1b91bb733be46d4bf36a929433a529b65eaa6b41268e52e35823846b58d6f9f40b062c7d4115a9b5bf5266a2e9727c06585f6e6c18ef10dc33cbb910f232

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 10453deaccef6a60e583fd9e4ee71bed
SHA1 a410077ce9ec78089f12409892cc00899b490b12
SHA256 efe17725f4648f27567a855d8e2511c6bf070d3f429827737fb252100a89f334
SHA512 b91a43fb20b26889d525cf24aa0547de3e4043a6668d90d96d01c4ddfc130a07b3ea500164a6c6002a7dab977850208af96c2fca9dcdcca1a718725a5418834a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0266bf86e67139553ea419b2a5d174e8
SHA1 34fcc9785e134ece5e151807b2db19c57f84a404
SHA256 a910f71e8e6f42e299727c16250419d49b1f068bc993ace5f48c1c501d3430e2
SHA512 3da07ca5f32e077ca1ea8ba3a6ca4c074a2e350682f151f987d1ec6d454a00a341f6645d67ebec0d0373ecc8ff665c4b9ab97ffbed90cf609a9f2c4fbcefe729

C:\Users\Admin\Downloads\Unconfirmed 700157.crdownload

MD5 5c7fb0927db37372da25f270708103a2
SHA1 120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256 be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512 a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8615ae520e80b6604b0b8719995a2765
SHA1 be21c19033491c756bc81d790ac5f678afb7e3b5
SHA256 67ffd77bf551fdb86d243fab2652a843153ecc1cdeead1230c8a72db68bc71b4
SHA512 902bb8a88c752d1fa535f9245d739e31cfb0444f4f5fb0facdedbf80616bfa47a5c8443e100f9d2b71fe075324b0e59cca6a8c24faeb96e6e263c0d85e83e922

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State~RFe5fa513.TMP

MD5 6e3699f3da9b67996e8600d22701fabf
SHA1 f8365fc2814807ee889264a53f26b58f0b24bfab
SHA256 c3e8d7c97cad60698f0d8c46158c1c2025b8b734d4fa9b10f91310c1eb396216
SHA512 59656d58f19eaf602843521c56dfff2514a772b90cb014be8b29cf9fdb4d15e400a779c7a1f92d59824769cf9255b5b49cec5c5cbdf74c07f9bd689babc5ec02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4836d2e165b8f354edc6a7a9638b4f3b
SHA1 4085b128a44b15a339ea264aad55523217359f01
SHA256 b48aebb6d0d993a2f3e4c994a6ee6d080e06acc64f09dd2bdf21ad3fbb2fdc6e
SHA512 38bcd0a95e9e30ac2561e7ddb9dcc1b282cef516b93a7619590b7ecf31c4e00a5e11543f09709cebd97876b6ebd506f5f1014709e5e9c5502b2491136c55c10c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ca418753876bf987ad0f1a42142c20ab
SHA1 546c2a941b72ef9eb9fa1bbf8af92804fe69e496
SHA256 8dbde74187037e9dfec8222878ea67bbb8fbbefd6577dcbea71ebcf54b265f47
SHA512 0dc302dd0b4ef0161252014fa438970fe1ab598174802bfcd5f3601670efc2274d0687ccf5ce55476c951242624d5ad99e71825ae54b61494eb949f871f6b648

memory/22632-31353-0x0000000010000000-0x0000000010012000-memory.dmp

C:\Users\Admin\Downloads\u.wry

MD5 cf1416074cd7791ab80a18f9e7e219d9
SHA1 276d2ec82c518d887a8a3608e51c56fa28716ded
SHA256 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA512 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

C:\Users\Admin\Downloads\!Please Read Me!.txt

MD5 afa18cf4aa2660392111763fb93a8c3d
SHA1 c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA512 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 58ca7911df2dfe774ac8c2daac4e816c
SHA1 3398bbbaf3fe3bf1e64fa482266d61942233c4ea
SHA256 c3cb749cef73c041a5c3e94d53c135388232ffaf15bccc7a8e3198622ef0d866
SHA512 f8797d3f098f0138769a3e4f3ef1f6795159689e5d2986dbcfb5cf8efbb2a23d38e395c8b695f12ee80fe311a116a707b7f5a38f16011ea84c8535396594f0d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2ba347034aff2592e00c789785cb462e
SHA1 08f826760a8e44de405f17ce8c5e52bc29c83e08
SHA256 e0a0f6d50f2e5df05581c7a988c15350ca58408b2192ba5ce5e915a9fcc427c2
SHA512 31a0b2ec65ada7007e6ca2a65e6c88ba96a50b1325c1df6596b31096db8292fc90a944d490f9982d0fb4eb3b6eaba7abcf0c430438e49b58fe4ff11193655bfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 54f3a68eef889100aa3a190156dfe6b0
SHA1 85bfcc01cc8b20bc41171840bd7962a1ef219573
SHA256 c663bb22e0aaa2639cc593a62339d2e8943176af86f05e4ef14da62d4942830d
SHA512 1040eb753a33f4798932e36ba27d13903322ad6b530b7457438539be09c67d98e8e5bb361a3e9d37f2299fa147eda39ff5b7340317050444ed0f344e31e113d9

C:\Users\Public\Desktop\!WannaDecryptor!.exe.lnk

MD5 b021246560e7e62d149ce8456d7945cf
SHA1 edcfd36b4d5b1a1bbd0bc1bf57e768d5ade588d0
SHA256 ca900880211e1c4118aa0bed74a54a96c082e852ac340f46ca273dcb1c0bbb08
SHA512 0bb29b0b057636f7a954ca4f79ba4b5acfd89316858559072b30e1dc7062def994ee9995e5f6d6f3b204652f9f47ae84c15afd8e780a84757125105a77968ab2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c95065f6aa8854422c7c76de2d776489
SHA1 2416696273a4739f9badf2eb0dc2b2afa4cf38ad
SHA256 6389800311ab9ea99f7d8b6d59b143968c6c89e66bc1c5f15fbd263e4b83548c
SHA512 109631d75ba4a9ddcdcd74d2aef920c729a4f1ab185606cf80ddde9936b8d15f7a50a8929b9a4db1c0917c0a662bb34814a14cf0846a15a9e7110a1e8213ed2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\68559750-7100-424e-9918-c9a3306d0730.tmp

MD5 0f97b233e5119305e7615f15f8330d2e
SHA1 9993b69455814fe18e149dcdaad4fca5a21ddfa8
SHA256 f65c397a06ac67942c122517596fef0c1e26edee5e3ec26321477424ffbac615
SHA512 ac580cc636f9ed690a171704d85f1966d051280638522c463e57d304803d6fc47c027e202f5c7b394fd1d5be5ede6d6d5f58f5e6ea4f7e5f445391cdac5ad75f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c11bccb1bc388f2300a6a0ef43d45138
SHA1 8808dd977a5be0b6c96360ca525d1ffc37d3dd79
SHA256 f29fd1130a2eb8aabad5dbf8510f7ec40fa76f047e8ae079323f7befe616ccac
SHA512 11b385b26203d723d9542e17e8f1ffb149f0330f77a5d1c35d882a74832e7de07d2e43f92b313695a98a3fa5b366077908ccd2a6cd29c59ebe5b3bad4820b37e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 227518bf3d581f0a4a46eb4ecac2f87d
SHA1 3b31c704c94dd73530fad8da1e5a1038c20a65bb
SHA256 179189a5b2b90c26c14a2a91566fa9632ac26ea679d2d2f72850486f2bee38b9
SHA512 ca969fc33e10c3d40b6998ec1b4f9a2a94d7010f18fac537571737118e4459f93f73af7ddd7cd095099b6681e8fb3d4e9dc4777cbbd150c3395c3bf59fd71239

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 2ffbc848f8c11b8001782b35f38f045b
SHA1 c3113ed8cd351fe8cac0ef5886c932c5109697cf
SHA256 1a22ece5cbc8097e6664269cbd2db64329a600f517b646f896f291c0919fbbef
SHA512 e4c037be5075c784fd1f4c64ff6d6cd69737667ec9b1676270e2ed8c0341e14f9d6b92fde332c3d629b53ae38e19b59f05a587c8a86de445e9d65ccfa2bd9c16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2d09a71d38baa2738b8ff49f81233390
SHA1 c677a316e46b4a7233fb3e94dd86658f3fdd0b6f
SHA256 4390806261613dd7fbb5ec3c47545e4edc297b663550f64d98b5ff92a559c4f5
SHA512 92c63726625b21f96d85800da8c1a2061a0b85716a3217dae336f0da603228ba6bb1eb2a2c4fe112a5bac3823d078eb1c8a483e6048bcaf8bb53a0b5376351d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e02d030754a830daae14cd79eeb192fb
SHA1 5588e748409920bb63e93e601d7aa2e0a1fff7ac
SHA256 f88d8fe91a868975e77c77504f2029f9d364d929148b45a13fdeace00ac61aff
SHA512 8206cb131a8f403e046f638e74508aad550ec7e255876130b480e4320f4b37adb85b0df1eb7d4e377a3a7016b9f56c23cb342869f461577d911a723178c11a0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4566f82321ad404607ff0097bcb0d3d5
SHA1 2c1f9c26fb9938b9f5e4984ac86919f19e05429a
SHA256 e1fafc06011f99231247252bbca08abb0c1f2320dace356b6c52555e529fef40
SHA512 03b655006ef2ca58c9419a285339cc7ac599aede34a418e6d19fe6066068d30aede9d450ba7608f5dd6cf9b40d37a87c06caae414443f3b7250b9b302aa9152b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 665290f9062d3ef08efb1ce6b33ec8d2
SHA1 a85a44ec877e1df391282b2d7bccf7e5b8bd2803
SHA256 a6cc51f70172b8fe001a927c045952ad3de18e132ceda9f754e47ded258c4a81
SHA512 51b63596956b9d67a5dc1af77b2775fb0b7af6d72f683ecf0888b1f5d6a10b789f799b692b19887e3567d1b4822797fb1e9dbcc0cd4bef304c23bffaae5e16bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 373d1bda79ba44e0f4edde04cf526871
SHA1 73e75cee3cfa20680934fdfb239e87bd6c9a1c88
SHA256 ceefaaeaf9f0686df168137aa462c6af6a9600fc5fae0bfdd185f5ce98b24bcc
SHA512 d90de5e027873a60e099028012cbaf91a25fed481000995a431341141d171b4d95dff935181b4b0244c30daee12d9b97ccf0856844b70fcf58a82619aa6ca0d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFe60d805.TMP

MD5 598965b092335cdb8aec11b4e9c7a283
SHA1 241434523e4e6f6e926ee62912c377703d772f38
SHA256 0b31a68a367db3d34c37d1ca3c6201201bae4d42dd92c4f101502476bd5f5f0b
SHA512 3c45c88036121ee017889a259462dbee395af69c020f84b013afbdab4bd8a02930037083ea9b45ef6b96c554340f70c031c66565c7e83b50dc439b3109383130

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14245d2780ab3b56e84139ad2b11613f
SHA1 4af499c164acf1630cb376eeb1a774bb4c15b950
SHA256 de10bceedefa2c2fa9bcec83f806727068044911ad4a2d5e11805867569db11a
SHA512 7b5abd23c57f65564c24407a2d863bcfe0a0bc8c9c928bd2bc2f713c21b2a7ae0cec27787c50fcc67c46b48b81773fc347b982332c326504357533c09ff58883

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b72c316b32fcffde32d3230b993145f2
SHA1 bcff9c61a2721c05332adca454e16483694dca2a
SHA256 7c276e7a4ef16f1d0512a70d42841ee249b21d32e6aa343bd418f38d8c6e24c6
SHA512 432a0b229bac9d2fc86e6b467add0854eaefd18c9a18165d13a2c3732140c7014e9fb2670b71bfe0a545a8b4491136d7d91b7f9e2d5f0282ce55ae4b918b559e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6084c3897aa132f3494f4f824355572e
SHA1 31cecfd0b881022417054c4d5894a40f9343823c
SHA256 3f86b3ea6c79eac6ba5f9c1d8e8cd9895e4ee992f624878ecd1953edde98d070
SHA512 af3206a85faba3a745a36b43c593c8803fc4128f3ccb16c4d4ca685a9b40192ad8790cb29a18b727f11b68221bcbfadc92132fdd389365723cbf7fe364bb6c0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 13e8be342a3b4b954f50c247dbb14f7d
SHA1 fae28e8f126b43a3bd09c08a88b94c1cf1868239
SHA256 0098d2553fe0e44c43ac556ca63fd545e1d9a4e480ae8792ccfaee6b4245e001
SHA512 ea2cd2eb2496af2b0c0bd58f1641b5a7d9733ae6bd832459fdcc9233fd0923f8c443e6c3ef27fac1914f8e4b36d0139bd5f26e1f34dbbac04a998f6c464c0cdd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 589e60040f26ed12aaa812a19f873904
SHA1 6a55be722d0d2f13b2bf562c15920e8d1bb3abbe
SHA256 05adee79893224171316eca3b4962d5098ce5443af2ad9998c37bb6488e13860
SHA512 dcda6549387d4ebb111eb746a62865d4ff6ced77cba872965e044c1fe64cc6505149935dbaca8095567e3a9c733f1abbc589413061840404e620efdfd2c95b6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3de64e9f9a2b0c449462f769d928ef54
SHA1 bae19860a022701cd5539eda1492fd3385562ef1
SHA256 1f6bf62e8e58c4efa69523a14669c05767d40f103a1fca7ee6415aca83ee4e30
SHA512 f27e1b59238bba04166ab9801d058db449c77742636cfd450fedab05fef93f2006e71217eb7fc01d2aaca812fc04245423d5da449b6f272f7bb5dd96b3afee09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b60a878458496b97a15287af88f30ea
SHA1 72f0bc8a8d54b3a8a388973bbfe9379ea04d2e8f
SHA256 7a09811dd015d37b6a66dd52df60102ee88cda2c8ff2d92cfdb5b4f7f2105f30
SHA512 182abdef70c609e6db8fbeaf73c2ef45acb2eddabbacbb01e1eee3616bc2188aee498ad7912f5390520127f4a4b833ad20944e82eeb44401c552abbbf3748284

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchUnifiedTileModelCache.dat

MD5 c250b420e86a7b9b099eb5958f95ea67
SHA1 237d6000ab813e1716c403bdb3df0661076a4569
SHA256 d0e1c0df44c321848d28276762f5113d222173c29e17f04e10fb95c6855b598c
SHA512 b21515f13c9e5790664d1d5f24346c5bd6bb42d716a45ffd1f57318e26e65d08896392a378cb6aab83f936c95f4af69624386ec437401233da8f454b8ca1685a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

MD5 d6a2b1a2e79d673a47b948dba509affe
SHA1 f37a156319aaa2718186984ded2b39718bd1c890
SHA256 e8963a8ab3f3ea37d41cb50591129c41205ba4b60136453f676b7fdb66cd87f5
SHA512 cd2980a4357a1e68c424aab6c4ee235c6f34e035b55f985c365ad65610742af4217aeab40295ca29bc94d1a579bbb33d9a71178234d3739a72ec1b6fe067f746

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133838549181455974.txt

MD5 e0567caff3e6170cd41a51e672263efb
SHA1 f7e2149f99c97a445aa69806827987e94464cb18
SHA256 3a1ebc7e64fcba76af4b4d33e5ff4aec1fefc005902fa0903e0a771e7234fa60
SHA512 866b31297e619a0544f1086559ab4f8a9d1d8e841b84d7f1435b6847ba38822d67f94e1932e4f4263490aba71e6a2836010b4aeba9797f6446e0659922fbbdad

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

MD5 b3697cf2ccd0389e543b9ee219e5b018
SHA1 4fe93ec5fb1cda897716248d969a29b30c0ff39f
SHA256 525b91fd04746f7c19432dfd0fcb2f9aac6e1f22db72218de6846f90d521aa2a
SHA512 449f305320974d521a8f9acf8e1bbf3ff464b31e5ebd433a1a309134219b179f8e776fd086f8f088acbf099bb9c0397699143e542680629410b7c6dc13e43bb5

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133838549213756417.txt

MD5 51cc987e4d5622e4410419f835f070f2
SHA1 1e1af42ae4fa6b84d16f5354eba86ae9237c0ba9
SHA256 86723d9aa973cfab380698595663490bbdd5a9f8c68c3782822478087fbac28c
SHA512 9ab32bdd3f076aac30605bd22fb492f3bcbd6bb5b03c646c2f6052455a3ec778d6987a20514f7f87300c3e617e23514b6db468a4cb44e2c5401eaff2a1d055d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2127753b7c12b2617dcc5c98d977918e
SHA1 211b3b77d3f24c5d2718ce2b8182a3f95cdef11f
SHA256 c33c12095842cb079e99ef25270f505db46e78462bff1cf729259fcd5475fecd
SHA512 d0711ddd3af6c5fa035f0a62ccf6f215cb622baa73edd19b865651b29a497b951fe29a45657b510d2b06005d087858e0749177382e8d2e01d727de494c7f4671

C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini

MD5 e0fd7e6b4853592ac9ac73df9d83783f
SHA1 2834e77dfa1269ddad948b87d88887e84179594a
SHA256 feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122
SHA512 289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133838549311864684.txt

MD5 c7f3ebea3d0003e2461e6689a3264d46
SHA1 9ce0628b754b80b04f90dee53fa231a1373386b7
SHA256 7e1505f4b8ae4d9592b327e4b291362cff619e67049459e2f7984a351e156211
SHA512 687c4db004795ac685bd005cace8c0e4199733ff67d820c846e0656464b00ef72f2c612865804bee23bcad49f45046193a1eb3c1809978529f22065e371644b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\348297eb-b270-4e76-a397-aa04b1360977.tmp

MD5 85795e44e36396df9688fd6067c5bbdb
SHA1 944d909eb8ed00be0725942fdda4cb33f51feabe
SHA256 4e0074fa0149538f3fcb23c8ab4a5827e6ae9facf3a5ceb274c4782bd33ecd03
SHA512 97c90c865d9075917696cc739c47c09d987b55711d335a142b4af2b4e401f71cc023c6f426df1c137206caae75e3f18f3bc168f96fffadba05cdc745a31e4fa0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ccacd83d9f092a7b56ca9b60c771da54
SHA1 7d1cb6668d867dfeb799ab482b00f79fa1f86301
SHA256 bca4c1bb0c9b0d729123aa91c0a3e07581dec27a5888cfb4c436a6d56351a31c
SHA512 f4f83c8ae22b1ca668b56949be96d5cabdd44283999ec2f350f47f3c0ae0ffa57a76ff6b83cbcb78c1886078d66ec8e28f0c8a16381239a70d904d8a8f8f77f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 94daeecd36f4b0c10b46ac2dc5baf283
SHA1 6e9a740ea020eec9f62139e7a4888e70993b37fd
SHA256 6eba5e0bd25ce880a72b88edabe6c777a86ebc8cc1ad3e0313d3a0a9375c7a7b
SHA512 04ed0db892b73df7cbf3ab45fe99e2d7e59eabecb418aa268cd4e108b585f1395b8778e0a2b191f53ee9d71fe43fcda0f21eba3dbc3f4763671df9b93296eb3d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

MD5 ed127ec75dd5f2c3b99d49cc5e0b2cb3
SHA1 937f41003c02c6ef45ad619acda50c938875e8fd
SHA256 cf110a105ddc822e168c63537a27fd76e8dfe95219db2defdbd1f33766109392
SHA512 230cb15933b17f98a10a12757e212237e632bfb36804b8f73b48f53c398479c5faa5fb101fa8b2ab8c287834d5d7dc1d4b3894c7afae8742c1a35e8dafeaf51b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 53481082d39531a1d87e61ed495480d5
SHA1 5f0183aa5a5cffc8082cc3c363c2e873bc836311
SHA256 0d3d57b5febd76634625713b3ceac26bcbb03214947d7ac9a9f38a94fb3e3aa3
SHA512 462759b1d6337e5ef07dbc331c586fd8ad16786a380cfdcedd499c6718ce5b09de06253b092149a33a0649dedbd2aee793db03d947bc8a2d53465a0a7c409a08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3108591cce661159ee6a333da959f0aa
SHA1 8254d5d8d29ba6a653947bb985481889f8603f51
SHA256 7d88094f8d6f40e5230505df62232786ba84c51e2d39f1ec22f0a8f58821030d
SHA512 2697efde5b48dced15a9b61f80ba4b61d2bb755bade0a1e6c74c9b706d9c71c735aaed27c4b012e23b0054bc618cc2fbb5e9f88bcf801bbe0f87b622e4efa3bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a11070c66e02af9caeb176b809538d0e
SHA1 d3381f7f3ca40c5b7f62b6aed270a3b209c4b685
SHA256 37e37a83170c81319fade7e7fe314b90fb2253ed89d37216aa3bd6adebf49f6d
SHA512 1d593c0bbac8a27e5aab73f4440aec8a271fd37f19c81b033f16ab8509e83f4ec0e4f4042563624fa3862d66db8f243e9f58ddf507d9b1dc7bd4d6ce6e3ea258

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8036e2985136c5eb1232a78a4fbec74a
SHA1 d88843a17db80212dcd7319f8b6f40537c0e1517
SHA256 a5bcaa8cb2945ecb095726c14de4ce420f03c1061e9a99778693d728eadb3ed8
SHA512 5444ce88619a670bb7c0ebb747aa27056a9be57c37b4d751774c409fe70e7bd3aca954467d095cd9a50b2b7f6260024592d1630f6d1310c8443eb4ed9ee76917

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e9f76977291341802a36832552ea5e01
SHA1 d008a1546fb172f93fbf8108a2f7bc336805e25c
SHA256 578ba65db886d3416329be2c4bf805c7a7d2a5ecf6231a6b6ef9e3b3690d1f92
SHA512 5c8e7f668bc071910d82c29f591c19a4693befec06045bf76b4e081959e09f2a08feb1c2c8514e2ad46f0b3b8cf7ba9493255f106ce2490bbe8dacc1ee7cf6c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 924358ae7f128e1146e262671dc916f4
SHA1 cda0917656c7e4563517c73c0909e764afbdd45d
SHA256 c46f6eb6a5f7ef223b54f2595711297c937151b09caed27e292abb4333068321
SHA512 ece551a38fec1cbc7b45d835b07398dfeaba1b47cdce2bb7d9d3330493d5da8ec958857ea785bb15bbcf6ea3611914427f2f7088d12fa7497b649237f89f1c15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38380358b4c52753f4ca19f34fa68175
SHA1 60e905a3a763ecb9981f63fae12120f006efea81
SHA256 a6436211f4ce5c421efbe7494a1be6398182773f4dfda72c7ed0c081b09d87cf
SHA512 94a95987fcf677fac0aeb83204eaa87d5c4d616822fd7b3b5ddbf0d07b12e76f9bbe5bb72dc71b09ea924d1f850a0e18be8797fdf8b15503a9094c4ab2ee0afc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d6ca6c2f900d71ccc465bd295ac46667
SHA1 dc2ec32714ca9fb1cf564221d0e49ef03c5f8ce9
SHA256 44bcbb8f9a070e67670183ecf3cbcad1c33c19f8b3fea0bbec49ea6584069eec
SHA512 979eee531708fa51624bdda2ce096ea3bca9ab63d156f61a8f757336214f2bd3308cfa2047fe58abc270052fa182f896a7099dc919a6987fbf7320268861ff2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c539437bd36a1d9911fbf064961893b5
SHA1 02ea242278153347913d3a5de0961ab8e5ea30b4
SHA256 80cd1bb08dfb2c666e549d7166b237b5085513d59682d750eb379630a7344371
SHA512 a518fbe969571408618ae64cbf76db30691aa59c227a3ae681d42b9685bcb9508f6bb81ec3a020ab3b75d125593ce06f8afee902f67c9c671815224f270d11f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f822e9e2540c85bdcc6c76e4e7b2d314
SHA1 f0664072aa030d131e0246dce833ec0689b92730
SHA256 5a430c5ac29b87b8bf18794b4b6cc2a6f9822ef32ad6f79e1b6d21dbf2bb36cf
SHA512 370a2c5a50554b995f6d0d7ecf60e1d7229fecd33cbd827e670372329af84b44bbd188f61184f40800769888c39f8af1512553fac4845e0eaaceab761efadd9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3459d6e8f9d08f07655d1bda857f4c30
SHA1 7f9a12ed787d031b664aa08116e825fc9feb225d
SHA256 3d83d788a40fb26ffa27690fc864dbaf79123a088fc8ea97b3b6f2b947bd3c1a
SHA512 c4aaafa3da1dc4832c6afee8c8f98bdcb51bfef3536bf1d813ca036422feb78a2537c284b8df00057288c8badbfb73a231da021efd6aefc7c48bf0a5769e5b5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe6318fc.TMP

MD5 4ab533050c073d7af0623fcb9a816e07
SHA1 bfd9a36854dc6a7c8eddfe8d79089663d538bab0
SHA256 5d1cdff64a15fabd6da387dec46c93b9903ccad41228ca8041b550a7ad2406c4
SHA512 762d433a4a76dcdaf3df3f837a93eeeef37b0590be57deafe06cf1cbd3ab06a778b66777b776ec7b4e4a6d9bd8fe1517c66504da89548089bbd7473935ba6a15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 47896f3bbca10193ea588f7d1cb18195
SHA1 d59d55f82deb9a58434cce107a2ca0d6b4213056
SHA256 6bd92e7f183b7769cccabf2d78dee97cfd762ad91557a6c58e05671001e7e715
SHA512 d8f69b30022351a94f2bb2bab50386d87fff5960a9253b05a1a7a9a1fa6d37696e40fb0010890eb0bbe1c506998533f15c39e2604e17e154a01785a5b8ab3988

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4c963a3304dfa3a91a18e9e06bcb0968
SHA1 bfbb4e344519e6645e32abc17521c2fa5ee75c9a
SHA256 cd2a56fe17066182737a1b195238026eedbc9e905467c5871c59602a0081f8b3
SHA512 7a2c347de59857488a6db8f2e7d713bcab0aab607b77aed295a6b79fa997b849e59d264d0e3af8db5414b86f57dda7ecd8d0f871a30825f836598945ea3e29cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 37bb10154e03504b0d819373687fd8cc
SHA1 a765273ae7c492bfb3c5dd32b64121b11e607e71
SHA256 3fe770aac534105eff52ca05e645e4ae59d61a65e0add9495ce9e26bac45bb9f
SHA512 eb9889fb3c905cdb6174438177db94dff738b6510723a676e91e1e7921623eede7018d0546bebc192359fb7f02f79ca018e099c23b845d44b7865119b4d2adf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 507e6b9ee27cf771c26c757c96d38f7d
SHA1 951285a890a31acddc0340cadd0aa4c7533345f1
SHA256 60b12dc40d29aacb6384ac6330636c02f40a4e631a1924195909300f201b4ecd
SHA512 1a46c39e46cc901657a42d94409666ada6b304809ed8ad5d78569d675c1211f37c5580a636d395d341ce1d10d39a073ba2121d1056cb722cc6e20dfd04110f55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 33400e9472216f4ed7c259c4cd615dd4
SHA1 cb1353f0ad073524015b075c9577e32e278f9d61
SHA256 f8e38204071a524b81a34306227c62ece6260b299c81e97f7157b2b6d8aaedfc
SHA512 7acce614e3a7a54d8b7bba9d365e8da7ab89ec473b2447feecbb519bbcb0b67cc279c1dd137633c94b76ad008634e8c02ee5acc5c4645c1e4b96c8dfcdd314c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0362e2fab66c5867e1edafc3f30ec302
SHA1 bfb284286bc77949aa19de8f658aea10b780b1be
SHA256 acd1a0c67a263be02bc96b102a602293463fc98d3d5004073901a582eef0bfab
SHA512 bae6383a7a759af60d7e658e1181dbb899c1dbe0eefc81ddb2dba1571cadca50120fed2fc76cdaa704491f95e17f05f2061ce26021df3ebacc3db873b34c1249

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 12932b998a36c63feb5fdf18655051ea
SHA1 504062b88a91d2866892840eaf14fce8cca2a369
SHA256 4de129f87ba4ab0666734566a7a84f95ff67c9ff4b1a95a1ca6689cd02af4b74
SHA512 9d92a5952bba1892dc7b529d828ffa25ddc9ea8ea7cdcce82d2590ca5551784137270c0926fe1dd5d0417251371b5c0e31be3ccd6ec090f40061a195f03ded68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 54d9126bccc5c7b21ba5b7627dc04445
SHA1 227309f16d42550385a9ebe3421f2be4283e769e
SHA256 a07063e695fc4b7491aab9add64b03fac3587149b3ebf26f05bfa60e54a94ed0
SHA512 42b65def32f384aadaf566763fe3c24e0b35f6bbaa5632a86a981d6a5a31b85fe896917f621733f4bb3b3000c57bf037fc0eb2ba90a0c7e151ca81b5c41267a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7c6efdb06e2c3cc7cc220bee4f8e5330
SHA1 b396622a2ed06af7f8bd606fbca6253b971147e9
SHA256 02ad415f939df4b975fbc01b3f137052a36fc07deb662f972954b0abf8ee660c
SHA512 84ef88a489702821549ca63792c958a3df8534f9ba212aa560fe14d47d911e868f2bc9e7cd1c22bc8fd6186c66f80843f51c73fc56d294750647be49482afff8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3faa850f7dd9bd47da711e870973089a
SHA1 7aab8762ae164293214c5e24ae1e944efa008a19
SHA256 496ce1008f77c6ffa8f29ad0360d9823d872d48e15e678dcee28dff73b651482
SHA512 24cd5adf28afeec0913935988a6eb29f9312230672b641ce0c71ca2934a79c959e75c84ebc08229d80e6a31db62ed0a31f451d73ed3882c43e91482756d2b3eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7d4338295976ea77ca8e459366e7cac9
SHA1 77507a6d4298ea33c0149a920c0c9ddcd2ecda94
SHA256 ac161240c0979ad07433c91498d6db27a6db6225d5deb917b3ce8f6d57231ed8
SHA512 dc5f542bdbf42ba9d29d9c9b665c97dba09bf08111836e1c06187e7bbe9e0281f4aba2da8d6693f587c53654e5fae4ecfb26f66f6fc0f6a8698b547b1204d3d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 79a34c909de7d4bef89b055a5f4858af
SHA1 cf303b4047a32997db79ce14ea4d44241fd3ebec
SHA256 d8cc177d81c6beda7ab0a4ebf6094cc1640fc375d055b914c490db7317f6b39a
SHA512 6cabf449cd39285de77213beaff021cfffa0c2cdc78dc19ca24a0441d13b5b2d8a9c316532f462ea3560eb34e860b04583c3a4d8d5898ec034b68713cc83f3b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ce0c70312568e70c61006202afef733f
SHA1 a87216a5973a06393b9e7620a3be2835c72b641e
SHA256 069b32a45dcbd4741bf92b44032a79bab035a0e206afc62e641b623f062884b0
SHA512 50848d7320cc85bdd79af051f77c87bd7187bf56ad52bfe2d600dde7a43aefc19702ab302ca9a72eabf82c00fcee438fa635af52ebf14d44956724e4b507e44e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c5c80e9777150f4fd90a5aa009f4386
SHA1 46f9410a41342ea368a0c8f6f36637290391bf50
SHA256 bd2a9b0c0a90930433bb37ac1ef6a6f4779bad8fc312cf6293b805198cdb94ee
SHA512 0deb202713875e72754acaa92aaf150e44702bfa793e5593b8630d864cf06908de6c00090507816bbd1c4dc8db5694b36d0795d5a50055de5bb41000249bb59f