Analysis Overview
SHA256
16930620b3b9166e0ffbd98f5d5b580c9919fd6ccdcc74fb996f53577f508267
Threat Level: Likely malicious
The file Downloaders.zip was found to be: Likely malicious.
Malicious Activity Summary
Modifies Windows Firewall
Boot or Logon Autostart Execution: Active Setup
Downloads MZ/PE file
Drops startup file
Reads user/profile data of web browsers
Event Triggered Execution: Component Object Model Hijacking
VMProtect packed file
Executes dropped EXE
Reads user/profile data of local email clients
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Installs/modifies Browser Helper Object
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Sets desktop wallpaper using registry
UPX packed file
Suspicious use of SetThreadContext
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Network Configuration Discovery: Internet Connection Discovery
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Program crash
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Enumerates system info in registry
System policy modification
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-02-13 04:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-13 04:08
Reported
2025-02-13 04:23
Platform
win10ltsc2021-20250211-en
Max time kernel
208s
Max time network
901s
Command Line
Signatures
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Desktop\mal\New Text Document mod.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\mal\4363463463464363463463463.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\mal\4363463463464363463463463.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\mal\New Text Document mod.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\mal\4363463463464363463463463.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\mal\4363463463464363463463463.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\mal\New Text Document mod.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\mal\4363463463464363463463463.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\5a58f9242b64263df668b949c7294533.exe | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5a58f9242b64263df668b949c7294533.exe | C:\Users\Admin\Desktop\mal\a\Device2.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5a58f9242b64263df668b949c7294533.exe | C:\Users\Admin\Desktop\mal\a\Device2.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Reads user/profile data of local email clients
Reads user/profile data of web browsers
VMProtect packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-156903528-2922517348-1168185335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5a58f9242b64263df668b949c7294533 = "\"C:\\Users\\Admin\\Desktop\\mal\\a\\Device2.exe\" .." | C:\Users\Admin\Desktop\mal\a\Device2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5a58f9242b64263df668b949c7294533 = "\"C:\\Users\\Admin\\Desktop\\mal\\a\\Device2.exe\" .." | C:\Users\Admin\Desktop\mal\a\Device2.exe | N/A |
Checks installed software on the system
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-156903528-2922517348-1168185335-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\Firefox\\Desktop Background.bmp" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 5420 set thread context of 1712 | N/A | C:\Users\Admin\Desktop\mal\a\949wScO.exe | C:\Users\Admin\Desktop\mal\a\949wScO.exe |
| PID 5420 set thread context of 1712 | N/A | C:\Users\Admin\Desktop\mal\a\949wScO.exe | C:\Users\Admin\Desktop\mal\a\949wScO.exe |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
Drops file in Windows directory
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\mal\a\TaVOM7x.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\mal\a\949wScO.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\mal\a\949wScO.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\mal\Files\1188%E7%83%88%E7%84%B0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\mal\Files\univ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\mal\4363463463464363463463463.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\mal\Files\octus.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\mal\Files\octus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSerialNumber | C:\Users\Admin\Desktop\mal\Files\octus.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{31575964-95F7-414B-85E4-0E9A93699E13}\ = "ie_to_edge_bho" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationCompany = "Microsoft Corporation" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationDescription = "Browse the web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win64\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\elevation_service.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\AppUserModelId = "MSEdge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{31575964-95F7-414B-85E4-0E9A93699E13} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\ = "IEToEdgeBHO Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database\Content Type\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-156903528-2922517348-1168185335-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\PdfPreview\\PdfPreviewHandler.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/svg+xml | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\AppUserModelId = "MSEdge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xhtml | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ = "ie_to_edge_bho.IEToEdgeBHO.1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO\\ie_to_edge_bho_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xht | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\MSEdgeHTM | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationName = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\AppID = "{1FCBE96C-1697-43AF-9140-2897C7C69767}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\open | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ = "Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO\\ie_to_edge_bho.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CurVer\ = "ie_to_edge_bho.IEToEdgeBHO.1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\DefaultIcon | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.mht\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-156903528-2922517348-1168185335-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\{1FCBE96C-1697-43AF-9140-2897C7C69767} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\ = "Microsoft Edge PDF Document" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\runas\command | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\MSEdgeHTM | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CurVer\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\runas | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\ = "PDF Preview Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\ = "IEToEdgeBHO Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\DefaultIcon | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\open\command | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xht\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Downloaders.zip
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping …
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Windows\explorer.exe
"C:\Windows\explorer.exe" shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 27334 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10cfa1ad-a19c-42bd-aba0-ab310d377179} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2308 -prefsLen 27212 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e0ea02-4959-4331-9137-30d29b620857} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 2836 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {154d1091-82b4-4aed-9949-191b15fc329c} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4024 -childID 2 -isForBrowser -prefsHandle 4016 -prefMapHandle 4012 -prefsLen 32586 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5af375a2-89a0-4b00-a62e-02bf201424da} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4988 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4980 -prefMapHandle 4976 -prefsLen 32586 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42df24ca-8801-4d1f-be07-78f71601f7ea} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 5388 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bff77d63-4507-4b1d-9e0c-52737eaf8255} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 4 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e38afb9-2f30-4ca9-8604-0bf0b1d20c2c} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 5 -isForBrowser -prefsHandle 5720 -prefMapHandle 5728 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c28758a-b8b2-45ed-bde4-5d303706949d} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -childID 6 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 27257 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76492815-23da-4c8c-ae6d-8e47459be859} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6756 -childID 7 -isForBrowser -prefsHandle 6748 -prefMapHandle 6488 -prefsLen 27257 -prefMapSize 244628 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e3a4eba-5d5f-4c64-b4c5-418a35952ff4} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Users\Admin\Desktop\mal\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\mal\4363463463464363463463463.exe"
C:\Users\Admin\Desktop\mal\New Text Document mod.exe
"C:\Users\Admin\Desktop\mal\New Text Document mod.exe"
C:\Users\Admin\Desktop\mal\Files\octus.exe
"C:\Users\Admin\Desktop\mal\Files\octus.exe"
C:\Users\Admin\Desktop\mal\a\Device2.exe
"C:\Users\Admin\Desktop\mal\a\Device2.exe"
C:\Users\Admin\Desktop\mal\Files\svchost.exe
"C:\Users\Admin\Desktop\mal\Files\svchost.exe"
C:\Users\Admin\Desktop\mal\a\TaVOM7x.exe
"C:\Users\Admin\Desktop\mal\a\TaVOM7x.exe"
C:\Windows\SYSTEM32\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\Desktop\mal\a\Device2.exe" "Device2.exe" ENABLE
C:\Users\Admin\Desktop\mal\a\949wScO.exe
"C:\Users\Admin\Desktop\mal\a\949wScO.exe"
C:\Users\Admin\Desktop\mal\a\949wScO.exe
"C:\Users\Admin\Desktop\mal\a\949wScO.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5420 -ip 5420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 1060
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\MicrosoftEdge_X64_133.0.3065.59.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff791456a68,0x7ff791456a74,0x7ff791456a80
C:\Users\Admin\Desktop\mal\Files\Vidar.exe
"C:\Users\Admin\Desktop\mal\Files\Vidar.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff791456a68,0x7ff791456a74,0x7ff791456a80
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6afb16a68,0x7ff6afb16a74,0x7ff6afb16a80
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6afb16a68,0x7ff6afb16a74,0x7ff6afb16a80
C:\Users\Admin\Desktop\mal\Files\1188%E7%83%88%E7%84%B0.exe
"C:\Users\Admin\Desktop\mal\Files\1188%E7%83%88%E7%84%B0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6afb16a68,0x7ff6afb16a74,0x7ff6afb16a80
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
C:\Users\Admin\Desktop\mal\Files\univ.exe
"C:\Users\Admin\Desktop\mal\Files\univ.exe"
C:\Users\Admin\Desktop\mal\Files\mac.exe
"C:\Users\Admin\Desktop\mal\Files\mac.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5276 -ip 5276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 772
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5276 -ip 5276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 780
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5276 -ip 5276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5276 -ip 5276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 872
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| NL | 4.175.87.113:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.11.108.188:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| IT | 91.81.129.180:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| NL | 20.31.169.57:443 | fd.api.iris.microsoft.com | tcp |
| N/A | 127.0.0.1:50332 | | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 151.101.3.19:443 | www.mozilla.org | tcp |
| US | 151.101.3.19:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:50341 | | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | ac.duckduckgo.com | udp |
| IE | 52.142.124.215:443 | ac.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| US | 8.8.8.8:53 | links.duckduckgo.com | udp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | links.duckduckgo.com | udp |
| US | 8.8.8.8:53 | links.duckduckgo.com | udp |
| US | 8.8.8.8:53 | improving.duckduckgo.com | udp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | external-content.duckduckgo.com | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | external-content.duckduckgo.com | udp |
| US | 8.8.8.8:53 | external-content.duckduckgo.com | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 23.55.161.185:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigl6ns6.gvt1.com | udp |
| GB | 74.125.105.7:443 | r2---sn-aigl6ns6.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-aigl6ns6.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-aigl6ns6.gvt1.com | udp |
| GB | 74.125.105.7:443 | r2.sn-aigl6ns6.gvt1.com | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.130.49:443 | urlhaus.abuse.ch | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | a19ccc1.oss-cn-hongkong.aliyuncs.com | udp |
| HK | 47.79.66.211:443 | a19ccc1.oss-cn-hongkong.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | servicetelemetryserver.shop | udp |
| US | 172.67.150.214:80 | servicetelemetryserver.shop | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| RU | 185.215.113.75:80 | 185.215.113.75 | tcp |
| RU | 185.215.113.209:80 | 185.215.113.209 | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:2111 | | tcp |
| US | 26.151.148.22:4433 | | tcp |
| US | 8.8.8.8:53 | api-fgg3.cname.ah73g.xyz | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| HK | 103.116.246.3:808 | api-fgg3.cname.ah73g.xyz | tcp |
| US | 8.8.8.8:53 | modernakdventure.cyou | udp |
| US | 8.8.8.8:53 | importenptoc.com | udp |
| US | 104.21.47.135:443 | importenptoc.com | tcp |
| US | 104.21.47.135:443 | importenptoc.com | tcp |
| US | 104.21.47.135:443 | importenptoc.com | tcp |
| US | 104.21.47.135:443 | importenptoc.com | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | cdn.ly.9377.com | udp |
| GB | 79.133.176.222:80 | cdn.ly.9377.com | tcp |
| US | 104.21.47.135:443 | importenptoc.com | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | client.9377.com | udp |
| CN | 120.79.30.240:80 | client.9377.com | tcp |
| US | 26.151.148.22:2111 | | tcp |
| US | 26.151.148.22:4433 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 104.21.47.135:443 | importenptoc.com | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| DE | 77.105.161.58:80 | 77.105.161.58 | tcp |
| CN | 111.231.145.137:8888 | | tcp |
| CN | 120.76.203.28:80 | client.9377.com | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | | tcp |
| US | 26.151.148.22:2111 | | tcp |
| RU | 80.66.75.114:80 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 26.151.148.22:4433 | | tcp |
| US | 26.151.148.22:2111 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | | tcp |
| US | 26.151.148.22:2111 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | | tcp |
| US | 26.151.148.22:2111 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | | tcp |
| US | 26.151.148.22:2111 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | | tcp |
| US | 26.151.148.22:2111 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | | tcp |
| US | 26.151.148.22:2111 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.66.49:443 | urlhaus.abuse.ch | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 151.101.66.49:443 | urlhaus.abuse.ch | tcp |
| RU | 80.66.75.114:80 | | tcp |
| HK | 103.116.246.3:808 | api-fgg3.cname.ah73g.xyz | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | | tcp |
| US | 26.151.148.22:2111 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| RU | 80.66.75.114:80 | | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | FGQNrbtYCvA.FGQNrbtYCvA | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | FGQNrbtYCvA.FGQNrbtYCvA | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| DE | 188.245.87.202:443 | tcp | |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | arpdabl.zapto.org | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 26.151.148.22:2111 | tcp | |
| US | 26.151.148.22:4433 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| DE | 188.245.87.202:443 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:2111 | tcp | |
| US | 26.151.148.22:4433 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:2111 | tcp | |
| US | 26.151.148.22:4433 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:2111 | tcp | |
| US | 26.151.148.22:4433 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:2111 | tcp | |
| US | 26.151.148.22:4433 | tcp | |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| CN | 120.79.30.240:80 | client.9377.com | tcp |
| US | 8.8.8.8:53 | FGQNrbtYCvA.FGQNrbtYCvA | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | servicetelemetryserver.shop | udp |
| US | 104.21.56.121:80 | servicetelemetryserver.shop | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | breedertremnd.com | udp |
| US | 104.21.96.1:443 | breedertremnd.com | tcp |
| US | 104.21.96.1:443 | breedertremnd.com | tcp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 104.21.96.1:443 | breedertremnd.com | tcp |
| US | 104.21.96.1:443 | breedertremnd.com | tcp |
| US | 104.21.96.1:443 | breedertremnd.com | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| CN | 120.76.203.28:80 | client.9377.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| DE | 188.245.87.202:443 | tcp | |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | www.y2126.com | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 104.21.96.1:443 | breedertremnd.com | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | lsks.volamngayxua.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| US | 8.8.8.8:53 | safe.ywxww.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| CN | 60.191.236.246:820 | safe.ywxww.net | tcp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| RU | 185.215.113.209:80 | 185.215.113.209 | tcp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| DE | 188.245.87.202:443 | tcp | |
| RU | 80.66.75.114:80 | tcp | |
| DE | 188.245.87.202:443 | tcp | |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 104.91.71.91:80 | r11.o.lencr.org | tcp |
| DE | 188.245.87.202:443 | tcp | |
| DE | 188.245.87.202:443 | tcp | |
| DE | 188.245.87.202:443 | tcp | |
| DE | 188.245.87.202:443 | tcp | |
| DE | 188.245.87.202:443 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| DE | 188.245.87.202:443 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| DE | 188.245.87.202:443 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | FGQNrbtYCvA.FGQNrbtYCvA | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 26.151.148.22:2111 | tcp | |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| PL | 45.80.158.31:80 | tcp | |
| PL | 45.80.158.31:80 | tcp | |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| SG | 18.141.204.5:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:2111 | tcp | |
| PL | 45.80.158.31:80 | tcp | |
| PL | 45.80.158.31:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | jirafasaltas.fun | udp |
| US | 172.67.193.102:443 | jirafasaltas.fun | tcp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| SG | 18.141.204.5:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| PL | 45.80.158.31:80 | tcp | |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| SG | 18.141.204.5:80 | tcp | |
| US | 26.151.148.22:4433 | tcp | |
| US | 26.151.148.22:2111 | tcp | |
| US | 8.8.8.8:53 | unitedrat.ddns.net | udp |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
| PL | 45.80.158.31:80 | tcp | |
| RU | 80.66.75.114:80 | tcp | |
| US | 8.8.8.8:53 | ggdropnet.ddns.net | udp |
Files
C:\Users\Admin\Desktop\Downloaders.zip
| MD5 | 94fe78dc42e3403d06477f995770733c |
| SHA1 | ea6ba4a14bab2a976d62ea7ddd4940ec90560586 |
| SHA256 | 16930620b3b9166e0ffbd98f5d5b580c9919fd6ccdcc74fb996f53577f508267 |
| SHA512 | add85726e7d2c69068381688fe84defe820f600e6214eff029042e3002e9f4ad52dde3b8bb28f4148cca1b950cd54d3999ce9e8445c4562d1ef2efdb1c6bdeff |
| MD5 | aa5c7b789794cc5fc24d6f4a61401a0c |
| SHA1 | a2c7a09c6c85d4149b28fbb13eeaa72e79ff42d9 |
| SHA256 | 54d37dd9e70e05ebec48ccbb4078a4d884bf4be32c76884b83ed29618b10b733 |
| SHA512 | c1777d899e99aab65ed9d0f54842b6deedbc29804a7677ae280993db19cf8a218c610cbc8fe86d153ee086fb2c58f1220ba19dcb301c039c41a3ce3e6a309093 |
memory/4992-902-0x0000000000DB0000-0x0000000000DB8000-memory.dmp
memory/4992-903-0x00000000055F0000-0x000000000568C000-memory.dmp
memory/6068-904-0x0000000000790000-0x0000000000798000-memory.dmp
C:\Users\Admin\Desktop\mal\Files\octus.exe
| MD5 | c3927a5d6de0e669f49d3d0477abd174 |
| SHA1 | 40e21ae54cb5bbb04f5130ff0c59d3864b082763 |
| SHA256 | f430f588aad57246c8b1cd536bc9ae050a4868b05c5dfaa9b5c555f4593a4b33 |
| SHA512 | 20fe73aa1e20270f8040e46a19413d5af8cb47efcf8caef4075e2824268cdca8d775264c9c75a734c94c28c51983ebd27695dcad1f353ec338bd12e368aaa04d |
C:\Users\Admin\Desktop\mal\a\Device2.exe
| MD5 | e21a2d8b6ff3cbf029e1b88ba6524c24 |
| SHA1 | 6733bd4f7ade164e77a00cf3e2b2d6ace316326e |
| SHA256 | 4928399916b4be98730ff68ca10207e3a13bf2739bfb4d5193d9e80461b12f57 |
| SHA512 | e58eae8dca54b146bc61ff61c83a1761f8013ad3900c2fb02a5cc81b2f12174de5956ce2d4e3e936e8c07bcb8baf7f76587f0fe7e42e498de9acbc85afe54f77 |
memory/4520-930-0x000000001BAB0000-0x000000001BF7E000-memory.dmp
memory/4520-931-0x000000001C030000-0x000000001C0D6000-memory.dmp
C:\Users\Admin\Desktop\mal\Files\svchost.exe
| MD5 | 8911e8d889f59b52df80729faac2c99c |
| SHA1 | 31b87d601a3c5c518d82abb8324a53fe8fe89ea1 |
| SHA256 | 8d0c2f35092d606d015bd250b534b670857b0dba8004a4e7588482dd257c9342 |
| SHA512 | 029fd7b8b8b03a174cdc1c52d12e4cf925161d6201bbe14888147a396cd0ba463fd586d49daf90ec00e88d75d290abfeb0bb7482816b8a746e9c5ce58e464bcf |
memory/5320-948-0x00007FF666790000-0x00007FF6669C7000-memory.dmp
memory/5320-947-0x00007FF666790000-0x00007FF6669C7000-memory.dmp
memory/5320-949-0x00007FF666790000-0x00007FF6669C7000-memory.dmp
C:\Users\Admin\Desktop\mal\a\TaVOM7x.exe
| MD5 | bb91831f3ef310201e5b9dad77d47dc6 |
| SHA1 | 7ea2858c1ca77d70c59953e121958019bc56a3bd |
| SHA256 | f1590a1e06503dc59a6758ed07dc9acc828e1bc0cd3527382a8fd89701cffb2b |
| SHA512 | e8ff30080838df25be126b7d10ae41bf08fe8f2d91dbd06614f22fde00a984a69266f71ec67ed22cb9b73a1fcb79b4b183a0709bf227d2184f65d3b1a0048ece |
C:\Users\Admin\Desktop\mal\a\949wScO.exe
| MD5 | f7427f659921dd8679055660f2f2d133 |
| SHA1 | 4fa88cbe2adc57f01065b6181414374a708301fe |
| SHA256 | 04d5614f2cb141eeb0d15a89bbd10912ef52336c9c7f3aa33125adaeac77b055 |
| SHA512 | 9c4bbd5710174f3a762d85eec79d28ad104ca6882b34fb903e47adec9351be177c23ed6db575e308299f19dc00be840b3bc3c7e56074639f94f784a26ebc307c |
memory/5420-975-0x0000000000E20000-0x0000000000E82000-memory.dmp
memory/5420-976-0x0000000005C90000-0x0000000006236000-memory.dmp
memory/1712-980-0x0000000000400000-0x000000000045D000-memory.dmp
memory/1712-978-0x0000000000400000-0x000000000045D000-memory.dmp
memory/4520-981-0x000000001CEF0000-0x000000001CF8C000-memory.dmp
memory/4520-982-0x000000001B560000-0x000000001B568000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\83vcsvae.default-release\places.sqlite
| MD5 | 64ad074104c2eaa526723a96e16db6fb |
| SHA1 | 8fe9e8ad7c0bb4c50c52262c84fc4f10fd2c905c |
| SHA256 | bc548c438189f8a95ddf15eed07f0eac9ed865d60d551fb0e38864746742e92b |
| SHA512 | 057ca9a3cb1c4a582cf290f02aba106ea713987efac512f59eb6ac253f330ae526c8a4c9bb3b61af189502cc61cb0e426d937db4d7bac427504faa76e327ce27 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\83vcsvae.default-release\prefs.js
| MD5 | 7c7c6daaafd5dca68f1e7be719834f3a |
| SHA1 | 1bb646447401df9cf7d7475e47a0acd0d83f64b8 |
| SHA256 | 6a66e37814a1eebc6841411b70c3e6112d05b4cac9117d3e18b3dfbf88c8fb01 |
| SHA512 | ece2ae58f1b0291a4bd6891de1f58fa33d8f903d7776d8253099367e582bacc509d9c9f9738c7e2cc0f9584aaaed967838a9af9c269ef25b78334be005a73029 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\83vcsvae.default-release\formhistory.sqlite
| MD5 | 944c9a882508293881a7bdc477fd5c4e |
| SHA1 | dea5fcf705539c8743c39e68aa22f24913478ce2 |
| SHA256 | b76fb32d0eccca025c2edf7567e107b373647594ce8913c194b7456dec9aed37 |
| SHA512 | 3b14635f89bcbb4b38bfa84abb4a761905e46e937009f6b70f56e57a4bf089b909c2e642f1e517ac550595e2a1c7e606859a3d23f5c33b282d30f89f868e1999 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\83vcsvae.default-release\cert9.db
| MD5 | 347a433481b2eeeae25f1e86f8b2012b |
| SHA1 | 4cf13fbbcf04a222b07a58258bf37381bc08cd8c |
| SHA256 | 796f1d901104ccd829b3bcac3204c39cd0abbcdc644a722ecd24eeba2e0ad1d9 |
| SHA512 | 42fe973cd420b0be5d0a8a7461083d1599b00e9dd6bc3d291408c71377bd7d6f219ebe94e5e5b3ff4bd0be28c0abd7333b4b3616b05ad78e2b91cfdd1d150b82 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD1FBDA9-D3D7-4B80-B3B6-14B4728C08A4}\EDGEMITMP_6346D.tmp\setup.exe
| MD5 | 1b3e9c59f9c7a134ec630ada1eb76a39 |
| SHA1 | a7e831d392e99f3d37847dcc561dd2e017065439 |
| SHA256 | ce78ccfb0c9cdb06ea61116bc57e50690650b6b5cf37c1aebfb30c19458ee4ae |
| SHA512 | c0e50410dc92d80ff7bc854907774fc551564e078a8d38ca6421f15cea50282c25efac4f357b52b066c4371f9b8d4900fa8122dd80ab06ecbd851c6e049f7a3e |
C:\Users\Admin\Desktop\mal\Files\Vidar.exe
| MD5 | 2f79684349eb97b0e072d21a1b462243 |
| SHA1 | ed9b9eeafc5535802e498e78611f262055d736af |
| SHA256 | 9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04 |
| SHA512 | 4d94ae4633f3bf489d1bc9613fc6028865064ec98f73b5e9e775f08ff55d246daeddce6a4a0a013a9d05e65edc726768c397d0382e5c35352144b5338d6467d3 |
memory/5912-1012-0x0000000000AC0000-0x0000000000C02000-memory.dmp
memory/5912-1013-0x000000001E480000-0x000000001E580000-memory.dmp
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Windows\SystemTemp\msedge_installer.log
| MD5 | 554f4d3ee22b159ed52f9f711accffe9 |
| SHA1 | 2337c0676a72f7069ccd2a0fe9c3825d25b67e19 |
| SHA256 | 5ea477e39c337da9a1d280774af5f849ca97db3da970d24b963dd84ea525ac7d |
| SHA512 | 2ec824dc3fc2b23251d4fa53be6a811af89c29f7391e0c639f4e26fe6cc42dffe6b9e926462bcc5a281f72610fd2829f3d8ccb9550eaaca50c597ffa337b80dd |
C:\Windows\SystemTemp\msedge_installer.log
| MD5 | d16e87715af02ad88bf146b78003989e |
| SHA1 | 3bc6426cb02835f0e986cf7f8e5507257937f3fe |
| SHA256 | 44ae28a5bd7b4e28d78194ee0f0700ba485f3bed7f6694ef86c0cd26f31ef41d |
| SHA512 | 02b11f3efd8cffc8be40d088ea4d2ead541b88a1c5b76a056ac4f9f121849ad253c60c3370a7c03b1ccbb608f1f50f05de4b274208963de44bdca18f5cbf3f60 |
C:\Windows\SystemTemp\msedge_installer.log
| MD5 | e5be6db076adb712ec8bc52437ca33af |
| SHA1 | 24be85352380cb728f8303493fdde050818d5b32 |
| SHA256 | f18755bf2d7e93b65819fe36f59a8ee10a47f2f6ba691cce248116bde51d5105 |
| SHA512 | f2593a3b4cfcc562e3e21caeed32d19255679ef09c538a2eaa1997c6ec31550552f71f142a2d992f2ead3c005a943d3f545719ee2cc1f15677944a11af9eea20 |
C:\Users\Admin\Desktop\mal\Files\1188%E7%83%88%E7%84%B0.exe
| MD5 | 88783a57777926114b5c5c95af4c943c |
| SHA1 | 6f57492bd78ebc3c3900919e08e039fbc032268a |
| SHA256 | 94132d9dde2b730f4800ee383ddaa63d2e2f92264f07218295d2c5755a414b6a |
| SHA512 | 167abcc77770101d23fcc5cd1df2b57c4fe66be73ea0d1fde7f7132ab5610c214e0af00e6ff981db46cd78e176401f2626aa04217b4caf54a249811bbf79d9c6 |
memory/4672-1046-0x0000000000400000-0x0000000000516000-memory.dmp
memory/4672-1066-0x0000000000400000-0x0000000000516000-memory.dmp
C:\Users\Admin\Desktop\mal\Files\univ.exe
| MD5 | 2245fb9cf8f7d806e0ba7a89da969ec2 |
| SHA1 | c3ab3a50e4082b0f20f6ba0ce27b4d155847570b |
| SHA256 | f15fdff76520846b2c01e246d8de9fc24cba9b0162cc0de15e2cf1c24172ee30 |
| SHA512 | cc1474cfbd9ffc7a4f92773b2f251b9f1ec9813f73a9be9d0241b502dda516b306d463cc7f8003935e74bc44c3964f6af79a7e4bcf12816ac903b88a77a5a111 |
C:\Users\Admin\Desktop\mal\Files\mac.exe
| MD5 | 2d3c280f66396febc80ee3024da80f8e |
| SHA1 | 70bda33b1a7521800a2c620cda4cf4b27487fa28 |
| SHA256 | a7e4b2fd9cdb85f383f78ffe973776d40262d53727d0c58ea92c200ec1a7bd6d |
| SHA512 | 26b38d618238336e36fd79f1e63b7c59490ca3e5616306da3ae3e0907415a1746aac638930e01f93529b16f3fe7968d48f5557d6bf32385f82a7bf1f944cf4ad |
memory/5324-1089-0x0000000000220000-0x000000000022E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0qgdfdjc.mmz.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5324-1099-0x000000001B370000-0x000000001B392000-memory.dmp
memory/5324-1100-0x000000001C6C0000-0x000000001C6EA000-memory.dmp
memory/5324-1101-0x000000001C6C0000-0x000000001C6E4000-memory.dmp
memory/4764-33-0x000001DAA36D0000-0x000001DAA36D1000-memory.dmp
memory/4764-34-0x000001DAA36D0000-0x000001DAA36D1000-memory.dmp
memory/4764-35-0x000001DAA36D0000-0x000001DAA36D1000-memory.dmp
memory/4764-45-0x000001DAA36D0000-0x000001DAA36D1000-memory.dmp
memory/4764-44-0x000001DAA36D0000-0x000001DAA36D1000-memory.dmp
memory/4764-43-0x000001DAA36D0000-0x000001DAA36D1000-memory.dmp
memory/4764-42-0x000001DAA36D0000-0x000001DAA36D1000-memory.dmp
memory/4764-41-0x000001DAA36D0000-0x000001DAA36D1000-memory.dmp
memory/4764-40-0x000001DAA36D0000-0x000001DAA36D1000-memory.dmp
memory/4764-39-0x000001DAA36D0000-0x000001DAA36D1000-memory.dmp
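The listing above is the sandbox's raw dropped-file and memory-dump output. Two of its entries deserve a caveat before anything is copied into a blocklist. The `\??\PIPE\wkssvc` record carries `d41d8cd98f00b204e9800998ecf8427e` / `da39a3ee5e6b4b0d3255bfef95601890afd80709` / `e3b0c442...` / `cf83e135...`, which are the MD5, SHA1, SHA256 and SHA512 of zero bytes: the sandbox hashed an empty read of a named pipe, and those values match every empty file on every system. The Firefox profile files (`places.sqlite`, `cert9.db`, `formhistory.sqlite`, `prefs.js`, `AlternateServices.bin`) are the victim's own data that the sample read; their hashes identify the sandbox profile, not the malware. The Python below is an added example written for this page, not part of the report or of any vendor tooling. It parses the two line shapes visible above (a path line followed by `| ALGO | hex |` rows, and `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` dump names), validates digest lengths, computes the empty-content digests with `hashlib` rather than hard-coding them, and applies an assumed heuristic that anything under a Firefox profile directory is victim data. The sample input is constructed from a few entries copied from this page.

```python
"""Turn a sandbox dropped-file listing into hunt-ready hashes.

Added example for this page, not the sandbox vendor's code. Assumes the
report format seen above: a path line, then `| MD5 | <hex> |` style rows,
plus `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` dump names.
"""
import hashlib
import re
from dataclasses import dataclass, field

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Digests of zero bytes, computed rather than hard-coded. A "dropped file"
# reported with these values had no content (for example a named pipe) and
# must never be used as an indicator.
EMPTY_DIGESTS = {name: getattr(hashlib, name.lower())(b"").hexdigest() for name in HEX_LEN}

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEM_DUMP = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
# Assumed heuristic: files under a Firefox profile are the victim's data
# that the sample read, not attacker artefacts.
BROWSER_PROFILE = re.compile(r"\\Mozilla\\Firefox\\Profiles\\", re.IGNORECASE)

# Constructed sample: four entries copied from the report above.
SAMPLE_REPORT = r"""
C:\Users\Admin\Desktop\mal\Files\Vidar.exe
| MD5 | 2f79684349eb97b0e072d21a1b462243 |
| SHA1 | ed9b9eeafc5535802e498e78611f262055d736af |
| SHA256 | 9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04 |
| SHA512 | 4d94ae4633f3bf489d1bc9613fc6028865064ec98f73b5e9e775f08ff55d246daeddce6a4a0a013a9d05e65edc726768c397d0382e5c35352144b5338d6467d3 |
memory/5912-1012-0x0000000000AC0000-0x0000000000C02000-memory.dmp
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\83vcsvae.default-release\cert9.db
| MD5 | 347a433481b2eeeae25f1e86f8b2012b |
| SHA1 | 4cf13fbbcf04a222b07a58258bf37381bc08cd8c |
| SHA256 | 796f1d901104ccd829b3bcac3204c39cd0abbcdc644a722ecd24eeba2e0ad1d9 |
| SHA512 | 42fe973cd420b0be5d0a8a7461083d1599b00e9dd6bc3d291408c71377bd7d6f219ebe94e5e5b3ff4bd0be28c0abd7333b4b3616b05ad78e2b91cfdd1d150b82 |
"""


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)

    @property
    def is_empty_content(self) -> bool:
        return any(self.hashes.get(k) == v for k, v in EMPTY_DIGESTS.items())

    @property
    def is_victim_data(self) -> bool:
        return bool(BROWSER_PROFILE.search(self.path))


@dataclass
class MemoryDump:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        # Size of the dumped region; useful for matching against PE section sizes.
        return self.end - self.start


def parse_report(text: str):
    """Return (dropped_files, memory_dumps) parsed from the listing."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_DUMP.match(line)
        if m:
            pid, seq, start, end = m.groups()
            dumps.append(MemoryDump(int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:
                # A truncated or mangled digest must not silently become an IOC.
                raise ValueError(f"{algo} for {current.path} has {len(digest)} hex digits")
            current.hashes[algo] = digest
            continue
        current = DroppedFile(line)  # any other non-empty line starts a new file record
        files.append(current)
    return files, dumps


def ioc_sha256(files) -> set:
    """SHA256 values worth hunting for: skips empty content and victim data."""
    return {f.hashes["SHA256"] for f in files
            if "SHA256" in f.hashes and not f.is_empty_content and not f.is_victim_data}
```

Running `parse_report(SAMPLE_REPORT)` yields three file records and one memory dump; `ioc_sha256` keeps only the Vidar.exe digest, rejecting the zero-byte pipe hashes and the cert9.db hash. The empty-digest check belongs in any pipeline that ingests sandbox output, because a blocklist containing `d41d8cd98f00b204e9800998ecf8427e` will match every empty file in the estate.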