Analysis Overview
SHA256
9a3ba1ea02e8c045a1e94e2f81c64565122df06f4d1f11018d1902f2adf80127
Threat Level: Known bad
The file "search" was found to be: Known bad.
Malicious Activity Summary
Remcos family
UAC bypass
njRAT/Bladabindi
Revengerat family
Dharma family
Remcos
Njrat family
Dharma
RevengeRAT
RevengeRat Executable
Deletes shadow copies
Renames multiple (661) files with added filename extension
Downloads MZ/PE file
Modifies Windows Firewall
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Checks computer location settings
Executes dropped EXE
Drops startup file
Credentials from Password Stores: Windows Credential Manager
Deletes itself
Drops desktop.ini file(s)
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Program Files directory
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Browser Information Discovery
Enumerates physical storage devices
Modifies registry key
Interacts with shadow copies
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Uses Volume Shadow Copy service COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Scheduled Task/Job: Scheduled Task
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Runs ping.exe
Modifies registry class
NTFS ADS
Analysis: static1
Detonation Overview
Reported
2025-02-22 19:44
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-22 19:44
Reported
2025-02-22 20:02
Platform
win10v2004-20250217-en
Max time kernel
1020s
Max time network
1022s
Signatures
Dharma
Dharma family
Njrat family
Remcos
Remcos family
RevengeRAT
Revengerat family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
njRAT/Bladabindi
Deletes shadow copies
Renames multiple (661) files with added filename extension
RevengeRat Executable
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\RevengeRAT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Remcos.exe | N/A |
Credentials from Password Stores: Windows Credential Manager
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Users\Admin\Downloads\RevengeRAT.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\RevengeRAT.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\"" | C:\Windows\SysWOW64\Userdata\Userdata.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\NJRat.exe\" .." | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CoronaVirus.exe = "C:\\Windows\\System32\\CoronaVirus.exe" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\"" | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\NJRat.exe\" .." | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Windows\System32\Info.hta = "mshta.exe \"C:\\Windows\\System32\\Info.hta\"" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Roaming\Info.hta = "mshta.exe \"C:\\Users\\Admin\\AppData\\Roaming\\Info.hta\"" | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
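The Run values above mix three persistence styles: Remcos pointing at a copy of itself in a subdirectory it created under SysWOW64, njRAT and the RevengeRAT stub pointing at user-writable locations (Downloads, the Startup folder), and Dharma persisting its ransom note through mshta.exe rather than through its own binary. The script below is an added triage example, not part of this report or of the sandbox's own tooling. It takes the indicator strings exactly as the table prints them (value data is JSON-escaped, so backslashes are doubled), decodes them, splits the command line the way the shell does, and attaches flags a responder would want: LOLBin image, unqualified image name resolved through PATH, user-writable location, and a non-standard subdirectory under System32/SysWOW64. The five rows in REPORT_ROWS are copied from the table; the flag names and thresholds are this example's own choices.

```python
import json
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Images that execute someone else's payload (script, DLL, HTA). A Run value naming
# one of these persists the argument, not the binary, so the argument is what matters.
LOLBINS = {
    "mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe",
    "powershell.exe", "cmd.exe", "msiexec.exe",
}

# Path fragments a standard user can write to: autostart from here needs no privilege.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\", "\\startup\\")


@dataclass
class RunEntry:
    hive: str          # "HKLM": every logon on the host; "HKU": this user only
    name: str          # value name under ...\CurrentVersion\Run
    command: str       # value data after JSON decoding
    executable: str
    arguments: str
    flags: List[str] = field(default_factory=list)


def split_command(command: str) -> Tuple[str, str]:
    """Split value data into (image, arguments): a leading double quote delimits
    the image path, otherwise the first space does."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            return command[1:], ""
        return command[1:end], command[end + 1:].strip()
    image, _, args = command.partition(" ")
    return image, args.strip()


def parse_run_entry(indicator: str) -> RunEntry:
    """Parse one 'Set value (str)' indicator as printed in the table above.
    The report prints the data JSON-escaped (each backslash doubled), so it is
    decoded with json.loads before the command line is split."""
    key, _, data = indicator.partition(" = ")
    command = json.loads(data)
    key_path, _, name = key.partition("\\Run\\")
    hive = "HKLM" if key_path.startswith("\\REGISTRY\\MACHINE") else "HKU"
    image, args = split_command(command)
    entry = RunEntry(hive, name, command, image, args)

    image_low = image.lower()
    if image_low.rsplit("\\", 1)[-1] in LOLBINS:
        entry.flags.append("lolbin")
    if "\\" not in image_low:
        # Unqualified image name: resolved through the PATH search order at logon.
        entry.flags.append("unqualified-image")
    if any(fragment in command.lower() for fragment in USER_WRITABLE):
        entry.flags.append("user-writable-path")
    if re.search(r"\\windows\\(system32|syswow64)\\[^\\]+\\", image_low):
        # A subdirectory created under System32/SysWOW64 (Remcos' "Userdata" here).
        entry.flags.append("subdir-under-system32")
    return entry


def triage_run_keys(rows: List[str]) -> List[RunEntry]:
    return [parse_run_entry(row) for row in rows]


# The distinct rows from the table above (duplicate HKLM/HKU pairs collapsed).
REPORT_ROWS = [
    r'\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\""',
    r'\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe"',
    r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\NJRat.exe\" .."',
    r'\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CoronaVirus.exe = "C:\\Windows\\System32\\CoronaVirus.exe"',
    r'\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Windows\System32\Info.hta = "mshta.exe \"C:\\Windows\\System32\\Info.hta\""',
]

if __name__ == "__main__":
    for e in triage_run_keys(REPORT_ROWS):
        print(f"{e.hive:<4} {e.name:<45} {e.executable:<60} {','.join(e.flags) or '-'}")
```

Note what the flags do not catch: `C:\Windows\System32\CoronaVirus.exe` sits directly in System32 and gets no flag at all, so location heuristics only narrow the list; the image name and hash still have to be checked against what the host is expected to run.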
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\$RECYCLE.BIN\S-1-5-21-3181990009-820930284-137514597-1000\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\svchost\$Recycle.Bin\S-1-5-21-3181990009-820930284-137514597-1000\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | F:\svchost\$RECYCLE.BIN\S-1-5-21-3181990009-820930284-137514597-1000\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Downloads\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Public\Libraries\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\3D Objects\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\Userdata\Userdata.exe | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Userdata\Userdata.exe | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Userdata | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\remcos\logs.dat | C:\Program Files (x86)\Internet Explorer\iexplore.exe | N/A |
| File created | C:\Windows\SysWOW64\remcos\logs.dat | C:\Program Files (x86)\Internet Explorer\iexplore.exe | N/A |
| File created | C:\Windows\System32\CoronaVirus.exe | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Windows\SysWOW64\Userdata\Userdata.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| File created | C:\Windows\System32\Info.hta | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Suspicious use of SetThreadContext
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-Regular.otf | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ro_get.svg.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\NamedUrls.HxK | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmpersistence_xl.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\resources.pri | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\1033\BillingStatement.xltx.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\UnlockResume.dxf.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\190.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-32_altform-unplated_contrast-white.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailWideTile.scale-125.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\OrientationSensorCalibrationFigure.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-40_altform-unplated_contrast-white.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\msvcp140.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\REFINED.INF.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\WideTile.scale-100.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses.svg | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\de-de\ui-strings.js | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-si\ui-strings.js.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\LimitUndo.inf.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1XTOR.DLL | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\msadc\msadcor.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA6\VBE6EXT.OLB.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\Cryptomining.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\psmachine_arm64.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BLANK.ONE.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AIRWER.DLL | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\webviewBoot.min.js | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\ms.pak.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker29.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-32_altform-lightunplated.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\MoviesAnywhereLogoWithTextDark.scale-100.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYHBD.TTC.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageLargeTile.scale-125.png | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder-default.svg.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.id-CA758743.[[email protected]].ncov | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\iexplore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CoronaVirus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3181990009-820930284-137514597-1000\{4AA772DF-2AF4-4CE7-A36F-69E85A7D61DB} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 956509.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 538018.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\svchost\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 9710.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 625511.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\svchost\svchost.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\RevengeRAT.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 21891.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\search.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed15746f8,0x7ffed1574708,0x7ffed1574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6060 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c0 0x4dc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3548 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_BonziBuddy-1.5.0.zip\BonziBuddy-1.5.0\README.md
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BonziBuddy-1.5.0.tar.gz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\install.bat" "
C:\Windows\SysWOW64\PING.EXE
PING 127.0.0.1 -n 2
C:\Windows\SysWOW64\Userdata\Userdata.exe
"C:\Windows\SysWOW64\Userdata\Userdata.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\urb4hzih.cmdline"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4116.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc87B03735B775489CA8A9F94512A3BE26.TMP"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\on9lnger.cmdline"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4183.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc271BAC5953645E3A056BA4F348E7516.TMP"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\i6l6voip.cmdline"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4210.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc130FA0F7E34E4E419576855EE476E85.TMP"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\e67syzre.cmdline"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES429C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc80D4E8C0E5DD49189AD44A755C74323.TMP"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dwzzzas1.cmdline"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4338.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc986412F7136B4AE8969F61674D1011.TMP"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7080 /prefetch:8
C:\Users\Admin\Downloads\NJRat.exe
"C:\Users\Admin\Downloads\NJRat.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nwcex0p8.cmdline"
C:\Users\Admin\Downloads\NJRat.exe
"C:\Users\Admin\Downloads\NJRat.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF35E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc30A81B1CB6B4E578B5A2169AA4A815E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\thwuynur.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF477.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDB5C1AC2694D4233ACDB78C83BB13B8E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6hoqbtgs.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF5FE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2BA8D91E285D46C8BC2C6659F7998F8F.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lsrpe6rd.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF708.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5EF2CDA771CB482586E71D3C1C4ADB9E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\3pzz0z_e.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF86F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc42400940C14904B5CBA0EAF0D374F.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\wxfnn0nl.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF92B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc825E2E48317941158476FD9F0F1E7DE.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lkossyij.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF9D6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc38F0FAFFD56347ACBA671FC31D5E5294.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\j4hzsx1-.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFAB1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc17F722B4CCA04339B5D979114566A872.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zhcvaurt.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFB4D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7AB4B4EF82A44CF5A310F2CDC2131D2.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\yztr2ire.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFC28.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc94178951F54C423BB9DF10DED8B1BE59.TMP"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\Downloads\NJRat.exe" "NJRat.exe" ENABLE
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7908 /prefetch:8
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,5364506570542109764,9804933358414450818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7908 /prefetch:8
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Windows\system32\mode.com
mode con cp select=1251
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\t7n9nm8e.cmdline"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E19.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc50986F0D398F4F45B7E99095ACD41ED1.TMP"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dadkgvdf.cmdline"
C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
C:\Windows\system32\mode.com
mode con cp select=1251
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\hblobzqq.cmdline"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES46A5.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4AE945C7A1294B649E5138CAC4FC7733.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\c1v9s3c7.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES47DD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE3006480CBB844ABA1F6C9C2DE99BE0.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lynnelun.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\e9x1308y.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\up51hpje.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAC83.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4177ED7984A94044964D2F81FBDB5761.TMP"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\34cb500350fc4c34bdbb200f460c39f7 /t 8872 /p 8864
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.18.27.76:443 | r.bing.com | tcp |
| GB | 2.18.27.76:443 | r.bing.com | tcp |
| GB | 2.18.27.82:443 | r.bing.com | tcp |
| GB | 2.18.27.82:443 | r.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.146:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | rewards.bing.com | udp |
| US | 204.79.197.237:443 | rewards.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.5:443 | login.microsoftonline.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 2.19.117.146:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.146:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 2.19.117.146:443 | aefd.nelreports.net | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| GB | 2.18.27.76:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 8.8.8.8:53 | athena.archive.org | udp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 207.241.225.195:443 | athena.archive.org | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.146:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | dn720003.ca.archive.org | udp |
| CA | 184.105.214.247:443 | dn720003.ca.archive.org | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.146:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.146.103.81:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.146.103.81:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.146.103.81:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.146.103.81:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.146.103.81:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.146.103.81:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.146.103.81:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.146.103.81:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.146.103.81:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.146.103.81:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.146:443 | aefd.nelreports.net | udp |
| GB | 2.19.117.146:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
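The rows above repeat the same handful of destinations many times, and the one TCP endpoint that is not GitHub or Edge's NEL reporting host is an ngrok tunnel whose backing IP changes partway through the run (3.12.245.36:19521 earlier, 3.12.57.198:19521 later), while the two portmap.io / portmap.host names are resolved over and over but never connected to. The script below is an added example, not part of the sandbox report: it parses rows in the report's table format, collapses them into unique endpoints, separates pure DNS lookups from real sessions, and flags hosts on tunnelling providers. The sample rows are a constructed subset copied from the table; the list of tunnelling suffixes is an assumption (ngrok and portmap are the ones this report shows, the rest are added).

```python
"""Collapse sandbox network rows into unique endpoints and flag tunnelling services.

Added example, not part of the sandbox report. SAMPLE_ROWS is a constructed
subset of rows copied from the report's network table.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: rows copied from the report, including the ngrok IP change.
SAMPLE_ROWS = """
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | nickman12-46565.portmap.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.146:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.12.57.198:19521 | 0.tcp.ngrok.io | tcp |
"""

# Assumption: free tunnelling / port-forwarding providers whose subdomains are
# routinely used to expose a RAT operator's listener. Extend to taste.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".portmap.io", ".portmap.host")

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>\w{2})\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<host>\S+)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)


def parse_rows(text):
    """Parse '| CC | ip:port | host | proto |' rows; skip anything else."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            rows.append(d)
    return rows


def is_tunnel_host(host):
    h = host.lower()
    return any(h == s.lstrip(".") or h.endswith(s) for s in TUNNEL_SUFFIXES)


def triage(rows, resolver_ips=("8.8.8.8",)):
    """Per host: DNS lookup count, Counter of real (ip, port, proto) endpoints, tunnel flag."""
    out = defaultdict(lambda: {"dns_lookups": 0, "endpoints": Counter(), "tunnel": False})
    for r in rows:
        e = out[r["host"]]
        e["tunnel"] = is_tunnel_host(r["host"])
        if r["ip"] in resolver_ips and r["port"] == 53:
            e["dns_lookups"] += 1  # name resolution only, not a session
        else:
            e["endpoints"][(r["ip"], r["port"], r["proto"])] += 1
    return dict(out)


def c2_candidates(summary):
    """Tunnel hosts that were actually connected to, with every endpoint seen."""
    return sorted(
        (h, sorted(e["endpoints"])) for h, e in summary.items() if e["tunnel"] and e["endpoints"]
    )


def resolved_only(summary):
    """Tunnel hosts that were only ever resolved: the operator's listener was
    probably down during detonation, but the names are still worth blocking."""
    return sorted(h for h, e in summary.items() if e["tunnel"] and not e["endpoints"])


if __name__ == "__main__":
    s = triage(parse_rows(SAMPLE_ROWS))
    for host, endpoints in c2_candidates(s):
        print(f"C2 candidate {host}: {endpoints}")
    for host in resolved_only(s):
        print(f"resolved only: {host}")
```

Because the ngrok name maps to two different IPs within a single run, block or hunt on the hostname plus port (0.tcp.ngrok.io:19521) rather than on either IP; the portmap names never produced a session here, so an IP for them cannot be taken from this report at all.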
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1bed6483de34dd709e03fd3af839a76b |
| SHA1 | 3724a38c9e51fcce7955a59955d16bf68c083b92 |
| SHA256 | 37a42554c291f46995b2487d08d80d94cefe6c7fb3cb4ae9c7c5e515d6b5e596 |
| SHA512 | 264f6687ea8a8726b0000de1511b7b764b3d5a6f64946bb83a58effda42839e593de43865dafeeb89f5b78cc00d16f3979b417357fa2799ca0533bdf72f07fda |
\??\pipe\LOCAL\crashpad_2036_TDGOJXVENJYRTSXY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fe6fb7ffeb0894d21284b11538e93bb4 |
| SHA1 | 80c71bf18f3798129931b1781115bbef677f58f0 |
| SHA256 | e36c911b7dbea599da8ed437b46e86270ce5e0ac34af28ac343e22ecff991189 |
| SHA512 | 3a8bd7b31352edd02202a7a8225973c10e3d10f924712bb3fffab3d8eea2d3d132f137518b5b5ad7ea1c03af20a7ab3ff96bd99ec460a16839330a5d2797753b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d13c25d8-a5e8-4d54-8244-c9aaffa374e6.tmp
| MD5 | 216d713f8389c75b6d3ae3564d6da39b |
| SHA1 | 0bd201ca5f15a7af8d3c0670d47f6b0bced619ef |
| SHA256 | f15cead2a26fb0feb22a65d193e87521578bddb7058470b561590eb606b28085 |
| SHA512 | 19975a78d1fadde1b272502e597f4beade94536e80dfeb3cd4e70f603fe8289bea4d5d783b27b2e5b0f43b9c5ffc3d82fc39958eff07997d17049e41880eca44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1474cb61f31a93b509ba34240ca01693 |
| SHA1 | e304e8aef0aecdde07776023e23edcb53976fffc |
| SHA256 | 87d6f0fb10cccebe9b07b6811de217675760744d5d272e2fca125a6b93bc4456 |
| SHA512 | 14e59813809e0c4c3295d8399e6aa0851f62586acdd40da7575002d20a06c288ea363aa6654d7bfafbd4c5f3f08d54133ad073e2e94dd6f80e170e7fe56e5585 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd07376d9821e33cedcfdbe4a72617fd |
| SHA1 | da969c4c391e58dd2db63811a86aadd88c8e309c |
| SHA256 | 8d16e1ac16f0b947a76c4122a0990d15a447e91c2c887d6b6afb65f90bf8dd69 |
| SHA512 | dfef2869d2010618f2fa64c776a5335555f08cf86bffa9e939202fccfc80a6c76b856fc2767bdc1d3c85888c72dba18277f73caf44b0f7a5ec27e27f5e3329dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 46ad9692712d9af6a05ca2755121778e |
| SHA1 | aeb4ff2dfa1c839c43d843c9aebbfe3a56cbd4da |
| SHA256 | c5650fe4b4a12ff71f40c3a1f47c7ea4b974ad94b09756bed31d8ca138d5bc34 |
| SHA512 | c8313074da11b1f05db3d55017afa14ce1621aded739ef73f213c4251d7ae2594e51027e0bb168281e7268ac27dd4cb7894e972132e8f24565c914646f263cb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5834c7.TMP
| MD5 | 51c81b22c0b06a284f58a43d99ac4a84 |
| SHA1 | da3ab158c4812de4f55e2e72f59e108e7372b887 |
| SHA256 | 0024845ade56def7e0cba4a77eccf547ac1a5587c93753edb4d096fab75315dc |
| SHA512 | fac1c7d81bf98687a964e29545c80d89a2473828ff6d3fb5ec583b9f3d994d8900892761721dd6a4803e8a198c0cfa627f61601c169e648c08342b26f781d823 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a1ee9e86d4e03f86b369f17140137139 |
| SHA1 | 8a3a02fc247878382422775223fca453f0947531 |
| SHA256 | 221a26bc7ce1b32726b05144e33a20e558136d2b1769eed82c34d666a4233859 |
| SHA512 | 5a3e87d890cf5b417df4388cc6d7281cf76a95f04bc285fc3756235b1dd01dffbd4f82545684ba0b77a69fdd65baf57efe2a0d644745f755322c2a706d148975 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e6a1826ea6a4daf28694f19f8c51306d |
| SHA1 | 0fc28f68f854c5bc181949b1f10a1852d804f932 |
| SHA256 | 4a754c17cdc398edd5f6169e49fc991db47fe8bae3d9c2be83a53b4eacfb1d79 |
| SHA512 | 494bba26d24b6e122b4bc258f2ac63915f0c003039a1ae1fd9293c65c792e04e16efbe8db392f76ee5620f7f8732d339071cafdedc0cda7e992d70924d0c2c0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21c58bc5be2236f4c1a62893aff6ee83 |
| SHA1 | b778339d1c16ccba37fb5a1bd716da46aed84c23 |
| SHA256 | b75eece489d6e14564f717dd92f059a8d67e2a5693a4db588dfc7863a7b08575 |
| SHA512 | ff2ba11234760081dc8ced8545ea9aecdce537227daa3f2ce584f7678df32e5a01f3e39de94f952f7bd77b505dacb7d80232df46b99402845451114091faa68b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | c813a1b87f1651d642cdcad5fca7a7d8 |
| SHA1 | 0e6628997674a7dfbeb321b59a6e829d0c2f4478 |
| SHA256 | df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3 |
| SHA512 | af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 8bd28259a6247d767a340cd949071b22 |
| SHA1 | 937cedc3400ccdac60d87baaf9d9c7179bb02886 |
| SHA256 | 09a26657deed5214568ab51587a0287cf7b23ff276ba5dc5e491ca4b03766ec2 |
| SHA512 | 7fdf7ba1333bf0418d1fb122c2ae206856c27f09316e1145c281000bcab9cf7faa8ae81dd8da1a71e830459b5bffb0884c54f457520802e48849c8f7b918478a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5 |
| SHA1 | 6dd8803e59949c985d6a9df2f26c833041a5178c |
| SHA256 | af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725 |
| SHA512 | b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 226541550a51911c375216f718493f65 |
| SHA1 | f6e608468401f9384cabdef45ca19e2afacc84bd |
| SHA256 | caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5 |
| SHA512 | 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 54c07aff64efbfa7cc409c2c39beee1f |
| SHA1 | 484508546a33fc90e6b97f6240601ecc135c362e |
| SHA256 | 49c44a97498af5cdc2abaa89ab61f43895326914e942068e4bcdd946627ea065 |
| SHA512 | 39c0bbe4cddd7eb1b17c6690b580a650640a1aed61ab004092af6cc870286c13dbdd59df763b724b7b022d6d071a18f02cfa751710d38954eaa1eada5b9a1abb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 55f28b8b32fd4fc758e413bf323d06a6 |
| SHA1 | 5294ebedb26bdcec0b6c09c8a9a5857209b414b0 |
| SHA256 | c631ae9a91c15d6fd2a00ba44e01731eadd0cbad303dcf19cf7d67989ab82012 |
| SHA512 | e0c8f68bfe3c37d40b91a175f934514c0c95455cf9138c6be209c7ffe40c9a9df249e11dae6fc9e0fb2deed14d0fcd398a141dfdf24996f7eb14b57b949fcda4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4984ea38ae866d70fa2cb7fb301ab379 |
| SHA1 | 02b207099057a2067369d870b8444285e9fc3e69 |
| SHA256 | f6ef20c60eecacfaec116b4b13332f67f85aa8e2ca7bc0ca3cd80c98691c578b |
| SHA512 | 4162d9d0c01144315e7c2e9db572a0511fead3e3d599656700d3d71e111d59d027a99ef8b0698b7e68280c9e895ae5ca7c8115be11132362bc519578e65ee282 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a90cf2b66477be51b38e02a1244435a2 |
| SHA1 | 29ea7102e90315f7be9720415a0ce83d7f0fa1b6 |
| SHA256 | 9a21f91452fcf9c2690296a3a27deb201ba75d3bcfce9ef70045f70436937299 |
| SHA512 | f5781afd4ad35296d55ae5112b7dcc75dc27a6cf2554c7efa77a806d29fa01e00697c195f59b6c44ce57a9b095aad16413b93db1a02a621f6fe5857df45e6e47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | df1d27ed34798e62c1b48fb4d5aa4904 |
| SHA1 | 2e1052b9d649a404cbf8152c47b85c6bc5edc0c9 |
| SHA256 | c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86 |
| SHA512 | 411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | e580283a2015072bac6b880355fe117e |
| SHA1 | 0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe |
| SHA256 | be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee |
| SHA512 | 65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8f6b1273a26a4d51c22320b6bb3f22f0 |
| SHA1 | 856b755e83f68afe398247d94e7b4ccaa2510af6 |
| SHA256 | 9ba71de7d894284c6e229186fa05eeec655a24df1ca520a4c758ff41f21715aa |
| SHA512 | 1c24faa5d020c3061f40de57c48a7f305bdbc34067fe387c258d51996e6cdd893cb23038782e008964352132c23a6ec83e2521a070e5e57ec94bbce5c8b6fa6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 65ea5b203935e93d570c53dc703cbf4e |
| SHA1 | bb81059768bb66c6b970aec11dd596bc650efd47 |
| SHA256 | c439758ba2e3ae327f6f4bbb2fc1cdc81be7385d6a2bc2bda45ebb92117a19c9 |
| SHA512 | 39bd59ef290cd18b3847e852ce75b45efec8dc159f4553834a52ce88ef6bbd417a676f776f7e512526d68879a71d706b6fe1aab26020786ae5e4bcd3e3d7c751 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 554f3cb924584472be48ddc115502400 |
| SHA1 | c94cadc8793fe5de50ff240c706a6140f2e88104 |
| SHA256 | 7cc889fbaa73764e6cc9336c04a067732344850e2ee6482f165daed3b98034b9 |
| SHA512 | 848e0f59c01fd31e93c31c34237d4f241dfbb1ccadeb995ac355c5a7e5aa7744cf75216a8c1565e5b682c5ec5991edb56cd4bd07a1c91e77885ff6c0a34b34ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e5a691063b3ed9adaafaae296e842319 |
| SHA1 | 05955d1b60303ef1ed166846d13e0f7f83a1a53e |
| SHA256 | b75ead6dc09e1a64c09185d5c4c04b10d18f8456cc612544b964386208069d3c |
| SHA512 | 4928db408675f372ae7cfb806e0e701dc6f4589b13d543c266d81d205139e9a756dc27d43c8ef6703735bd1d641dd4d7db23b0d53a10abd0de1cafa01814cd92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 21c993fd437848e6278abccfa9adb222 |
| SHA1 | 9c358e85c12819a9c3a8f6a84da9d2d66497c9d6 |
| SHA256 | 16a452f90e02d487534a740e69efdff92d42e3376bf4d43de7a555ad01faad59 |
| SHA512 | 3ca7e1da282777c3ee5b6394a567a5eec31646421756f9797a5aca86babfc5baa920f6828217f0aad5dc3714e7c297a09650716bb35c62d44280a5047770a828 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | c1d303a4991df16f7ebc11f766235359 |
| SHA1 | e0354d8421433c0999f0e42d8d19ebe44b7d2a96 |
| SHA256 | 87a12cc9320b20b58b718e121f677a647a4fdb5203322c4e6b800bd7d4e2e842 |
| SHA512 | 9910f5bec0ad2e1248b00af94a412c99d5015316af4c3ae251c1329d4267ff37212e6b28d6f96340b9c0f84fd41dada733aa193291fb47f6582d3d0b30d6b801 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | 2b8d96c18f08a2e7bd1abfa04e601992 |
| SHA1 | 978ead1b4eb524a38c52036708aef04da6ad2772 |
| SHA256 | 40661f340747da7e1dfab9faaf9681ef7b7c321f16a2358638a02da7109166c3 |
| SHA512 | 7f76aebb480a4ec12a40b21bbaab8ded736c2e4889e174e3585f9970af0b7886742a3565a97d2a82e4ca4d3f301c0c3ebf4ce556776e69691c44386a2aee7990 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0
| MD5 | 3ffe11a981605cebd37fe5bb090a57df |
| SHA1 | 37d261451e66e06326b1ef2336ba97d65372f7e3 |
| SHA256 | ce2b6a8dcd3a8e9af759b5e1d5d4d8ccae7a9f2f4f4766dc0214d719d402b358 |
| SHA512 | dd41646d38824e88b7d87107ff7db1dcc9fe45318408254f6642ebd6d6cd8b0df946dcd30c68f3cbf0b0d596b40311e7593e01828a88ef4bd6b9bcfe043eb1e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2076e2a98754e97_0
| MD5 | 920c0886188819a328f374463fdf53eb |
| SHA1 | 52f137bd869fe50741fea40f7412c1005032af4c |
| SHA256 | 8bc24c30c87744179bafc0f7a5f0e037c7f93fcbb64753abb556bd07f58afb50 |
| SHA512 | a9348a530ca29078b0dd386f2bca5b5f41a93fc065e45ede220dc8aea0614244d2ee32effb77ca926588dffc3168fa7e81aecc31aa8ca6341b52af30c9ac8874 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0
| MD5 | 394c89ec6a341e6fa9d0a4727e93029a |
| SHA1 | 95e64a8e12ec29bc9a275b80f92c5364b55c9779 |
| SHA256 | 9d4e1ceed402c1bc226ad55a752c19097505c1993a3db90debe2279d4a2fc70e |
| SHA512 | 78623de791fb26ca937db21f5e96fb7e5fb2025d6765ba3513754a36727a492799accb128564bd95e38e6853939f8edf51fe6cff356ae3aedf56ff87e07afcc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0
| MD5 | 407d7c024acc7bee9de0baa9770f5c00 |
| SHA1 | aae550aacb1a40bbb8fff50a84748ed00f3d3c80 |
| SHA256 | b75b8e2b0ed4c4abfa304fd0d0da9a1f9fc46752eb68d131f4f6126a62ba3fab |
| SHA512 | 53e6fd38163d8d856fb34e6800b505ab75291b415d70568cbb513e82339ca40cc9f2988e97bc89fa874849671b7d7cb8805381d6a2fef3f00bde9fd3d3125321 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5d48cf1d-7155-499b-bca5-62beabecdd93.tmp
| MD5 | eaf1e4cc9f16711492dad1748d7b9be8 |
| SHA1 | 296ceb4d8016408edc241e10765be97af34a7490 |
| SHA256 | 10250c85fe9d335cf70461ceb8ff5738493a56084c304c41647bdec612bd39f3 |
| SHA512 | e99257269e174aee087bd807534c41e88743b71286a085f5a4463120c0e1c0070518afa06b34dcec8142ffd9b70ad57cf88a05e4eb59c613350691a1c71851c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d3867d719b9131b110e69902f631e2e4 |
| SHA1 | 69448950ece96e9b4409119f9920dacc4a25dc55 |
| SHA256 | d51b4fb40db7cafbd92ab624c445d7d7506a00e6424e18e7955223698de6f346 |
| SHA512 | 2d2e61b5a3d888373c8695a3d92e659e9581f7c5e02dfc60648ac7208d10a7f64d9a223fd063e49a68e10c14733fd7f7f118a1e1cc20a19e13241953d1d7dd99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b6c848e73fae269cf6b7a9ce160abf2f |
| SHA1 | 9e7c161f6e1f32009523ee00b2aec3817cfb06a4 |
| SHA256 | fb2b918ef092c2f9a0f58e36fc54c8e48e861e57941af92453f3ec03cea481bd |
| SHA512 | 47109f352f5830ecb0bafd8fa8d26c51360926f33e5f633933f68d2654575bbe64305c5598f5a2bb62f07a6f0f4dbcf8e606ad8a2a9ad3a12ddf10ae8335bdd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd6b2817137c2b3d002ce440313e9b59 |
| SHA1 | 2923c5a509f250a4486522d416bd1b24ba111d2b |
| SHA256 | 519ce1fb00c04504a5a56983bf1b50bcf8534c5902d0395a1a5a2257cb9a7321 |
| SHA512 | 12774378f79a29fa6e4b1fbb9d7743b2a3424365f96a191b79fe06f93ea096f76303339ee0729d84d0baab9147b8fc8361537fb0067ceaf0519fcd4f552f35bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 396b3567b3e292f42faa676411b1392b |
| SHA1 | e811b7455cd503ba119dc351ebb30f3df8ce1279 |
| SHA256 | eb2d2a2bb41e26ebf5a8611c172da2fad40110120bd20cf057435ab59e041fbf |
| SHA512 | 64d329221dd2d27fe439a7e5c7f2b4a5209c6fc81d2da88f4b405bb3ed0a136014d5ac3a40427b3a798da4681b64d50a7fc4f8e0bc59c230fa86b87ccec2cad7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1d758ee1bda49d5767de7b5cbbd9ea63 |
| SHA1 | b9d647d61e4d37555cdc90f7711b36eaa7e37250 |
| SHA256 | 953b65a0eddfaf4ca74d2541ea350353275a68c27963d8389517d430e7822688 |
| SHA512 | 066465255575ae5979f5f832388513f66acea7a013f94e0c5a1ccc7ef78f49ef34d28bf89b9e1031a9ba8f0921225d5522ba5f6273713c8d17b018436fcf41e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | e42eb6b987a46c895dcb7fa84dd38e61 |
| SHA1 | a23c3d5710c227aab14b5c6ae1eb05b0a537b8cd |
| SHA256 | 2186cf3fb1356149de2896f8c226cd09ae6de2d8986c738ff0719dd23724fe70 |
| SHA512 | 6b03b465468a56be7df4b68743de0085b32c8974ff660ee9950158803ad3f8ba4a0d857b5ab629a5c80ec49bd6a337392723a4045fece976783ef72d00ec8008 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 300034a9430692ffb103fb49e199b49a |
| SHA1 | 40e65e29d2d8ac44c178dab06f8332652f7cbfbc |
| SHA256 | 3efc9dd137db70d45d8ac077ff27243edaeb48483fdec2a95de673e6ee39e05f |
| SHA512 | ef8970bc2fe96c8f4e06fb5df6ca9b9612d1ab09885eb438f8f7490923eda0dec3a7d41d76e1c35050ffb60ae9fe84108b07ddb2d6614e13791841630e8cca4f |
C:\Users\Admin\Downloads\BonziBuddy-1.5.0.zip
| MD5 | b2a6338ccd902e6bfdef228fb0f7a270 |
| SHA1 | d0fb880dcca92309143dc16f52f6d7d2fa354176 |
| SHA256 | e2f28b842a249fe17909983c887ee70715114bcaa422615c3e37163dbc4307e2 |
| SHA512 | f3e50c22b898827a373a4a4f60f1b7a842baba1b20dec539f43f92fb2ca8b2344c868732697ee2bcb90332f5dbea2bc2b9b0f58d32477da2aebe402169f6c628 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9ff3341d1b19ecc070719590037d5a97 |
| SHA1 | afaed92b96e019f2341ec2c4823a1dcd02fea7f9 |
| SHA256 | ecdac47cdfc07bec22c8a83d693a9b9e1c999f895764b551fe81073ef1359434 |
| SHA512 | 76fa224ac35d0f30dae42803d4e9439525148cf499cc0081bff91d707b345d88e9b13c66ce58032525c6ae8043551aacbb11313d1d0a950851fc6d751e3e6a95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 60ce031ae4b905bf5434fb5c9cf5e1d6 |
| SHA1 | 1d9f0119a7f39451a33088d10985f4994be7c882 |
| SHA256 | c1f559796b5efbd7102f884201a58c4b4fb7af2787e1012d911c4c7f2196cb41 |
| SHA512 | 90e59e458b4360f458e5285fe135bd5277b7860e86585fda341307fc7e4a65d4ed457c16327322db0e0562ed2696e4650db174b5274c99bd020ded8f4a3787d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d28f9fab1045a15519048035cacc9643 |
| SHA1 | b57a90eacdfa3f432ad0d1035238cbd84f318d66 |
| SHA256 | 16851c760824650e894a5e3a082555b751cc9e83f7fc23b5e2785383ef23e789 |
| SHA512 | 0fe2fe9d7eb7dc0e29fef2d6d888d799990a6d301952a3478b3e6d0064b9564291f23ae42c1b3005aae2095e001243e4e88a523f1553313310277aaa55cd175e |
C:\Users\Admin\Downloads\BonziBuddy-1.5.0.tar.gz
| MD5 | f085a02db61679c06d37cdda76a80d38 |
| SHA1 | c3a06200aba94395b2c1874ea8c08eb760f73a67 |
| SHA256 | e839c538b360aba626d4459a8a54c6060ca86169fabf621b8ce93e51cd89b063 |
| SHA512 | 622b1e1789d7cffd21dfed7b8ff5ba83009ccff8773cb91a0edc31bc9c768a72c8780ee45d48528ef6df5204b8eb4a2a1fbbe53e3b92e600b1291d2d2baf329a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c5f1bbecdb7fd6c3296348be6f8dcc0a |
| SHA1 | 2b74e16a6a21422aad5c6a91b2b675e84efb5a6a |
| SHA256 | 8d1e62d3b8bb70c5b121a93124842bf8843754deef2ffcf51356d1babafc1882 |
| SHA512 | 3f9153269ebb5e7f712c336f1859fe9416e127d3cc92e005ca6934a78e07be611cfca567455827f3f0827143d418086bf2558ab149242ccf649bf50f03e69c80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9773b6513989a7830217b2e33ebcc7d0 |
| SHA1 | 148bfe902e647baf803467e86fac2e9d7fa8d016 |
| SHA256 | 50f6cd4f39c9b7f70eafa50c698f76ef7db20a565c72350e2bd11eb4d7273c47 |
| SHA512 | 6e95c2ab90dd0190115be161a8afc17f7c284a6b1ca98dda72b1600e7ea24807a0395f561bca1a785ddb88559d2a71406763917621b66a12b04df666c2470a9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1bc53bc55e613f9e0d86193835e0782c |
| SHA1 | 4b5e0b17b959356a0c59e0f29a54f48eb8168b0a |
| SHA256 | 61321063bbdfc061ee422fb2664374c40dd5a4e6dcc62a7fdc4b6e5aad874c89 |
| SHA512 | e9ae856be8452724d52aa789e3ad73a63ac88d97138995c5b619457d68b61b42f702dd1b6fa88b2816d199c8030bae81a03b76e4b8e3ddb8f6d047494c9135f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0983676c957e03b8d788742f4d8d20ec |
| SHA1 | 4976e1444ace810ba2841c117c8121d60aacac0d |
| SHA256 | c21207203edb3b3cb362fffd5c4ea15fdcc9da7a87dc7b50551d3a60b300e131 |
| SHA512 | 058279295a3559e6a98a603a193318b8a02dcafd3decb220c80f97f00aada187f75298beef9b3807204a70fad1600f20b1a2251ad6de29272a74da082557ff52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0ad81db8-016d-4fa2-a43f-f6d470042753.tmp
| MD5 | e387cdc70abeab9b82c0f22d725c6741 |
| SHA1 | 25bcc1123ab6c2dc5f78c4c7d4ba41bf6bc6ca2e |
| SHA256 | 32369c4afe0ef00856c5f732a2e5d921df6de714da87ed096d6be1a68e52b560 |
| SHA512 | 9112f23a6dabb5e6542c908c4fc2295451a15c5346e8c6d057a689cd7906d3f56d097d713b7a8a5f79ebaa47bc3121d058ad6aae35abbe693dbbff7c0fe05386 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9dea7a452aae0d5a3dde52d0fb47a843 |
| SHA1 | 7b82b8bdc38c07ca3268231e56fac6f7a705e0f9 |
| SHA256 | 0f6602a6765a3bea91b71153f083dac4c001b39eabefb6f92b4b247ad366482d |
| SHA512 | 4423dad2bcd87c0ad170b38f590328572c4a9d5fcb7a2d527973773d15df6fc2562eea15dd210a7f0b8c67f51d7d87b97bbb57f9458a8ec73d5d1a04f298e312 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d4a33983a60612f49674ec8f099f83a0 |
| SHA1 | ae2185c4357535c7eb49aa7e748e49c4401df7c7 |
| SHA256 | b16d8102277222e2d33f5923064f205b2c35e9a33cb1a464df446f63ba3106e6 |
| SHA512 | f2e4f8469d6f98e2962777309fed9d50900c913a80c55b4a3fa195473427e8cb14f3581ba70cb90ee3a77dbfc3c8bfe9e9ad4f1f69a10932822c3dbdb68a0782 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 107ef32835f51e70d2b4ecf02f333d58 |
| SHA1 | f00278d844c309bafd64ee532b82fadc0f9e4675 |
| SHA256 | 8619cc1d18d4a024189ad9bbef8f4a0584b9c8f827d5d4f1e4d7577cd5f9e502 |
| SHA512 | 390235d79555b4322410e62858d06e782fd575ef140a780d2bd3ebef21ab61422e3dfc0378b5b8eacfa5ca80cfacb05e8e2542a1bdd19c6d8f2bc1aae969ef77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 86f8b165192919ac96c70b0a4174c388 |
| SHA1 | bc54dd294a01a929a41148a871fba65eb0087edf |
| SHA256 | dbf34da9f3867d3e4c39877099c041c91ae50ab9788aef7403b341605b37784a |
| SHA512 | 6886740e3c219308f2b35d9074f2ff325786334059dcfa8e36f179c190b6845127a0c1c175ebc6e15f121f4df32ed7af5f43be219290f2781e9eed1222099bb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a5e4fc222275c51c76299347796017b6 |
| SHA1 | 7c328f13d4f4299ed690ab7b403dca7383b05723 |
| SHA256 | d1dfe5acf86c2071886c657e7f689c569d06c3205871a157b42c2f9c3f67a435 |
| SHA512 | 7349417d515c54f56dca0bdabf95a275c8bd011d2a8cf7243c4e9d23ef5fbd952debf9f24b49d817947f3c245b78e45ccea559c00b045263e4f98233910447ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2538aaa408bebca7_0
| MD5 | f092d0db9d28a9834a9b86bf3476cb7e |
| SHA1 | 3bc20aced6b1d53eb40ccfc2561faacdff352e54 |
| SHA256 | 6640baaa79b12f1f53181f7e3188201b49e669b7864852530dee6548bbd7f043 |
| SHA512 | 52d8b87d816787f6dba58ab68f2cfbc3532cec0de926251fde554b6d34ca9a48e6fa701c253f89e66f0b1980d77e486122a79ed8bbb6c0cff7db9c9e30d885cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9b8ca51a828c041_0
| MD5 | 619accd8f69a84b685f5ae4fc4c06b5a |
| SHA1 | 449f5c893dccfc3fa8df8a2822c12f6f8c7fc908 |
| SHA256 | b0a04f622c10b0a5faa1059b83134f05da67d4dbd85af7b71e88d3653c55fce6 |
| SHA512 | 68e272b9a9031fee76686ecab9dff0a6390ea73cde93033361b501a3d68b85b4a34f0097d00dcbb5f2ae2008a8a0d4c909fc71671ab4ad834d21ebb427a3bf4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0
| MD5 | b7568f753cc4abd5d42255ffda90c574 |
| SHA1 | 590e35436af77e066205965861fa453c08e6a339 |
| SHA256 | 87bc1608b318e81cb8af0b9095a74bf7a40c3bfe93ab90b7d4496c0844651f2c |
| SHA512 | 55888ca0a75b4dd27198846796341aaffbcfd3537c9249bcf65da84a9ef61b211ed590c177d69abc78e4ef6808b56916a96d25fbee54167765752b7c0844dd3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0
| MD5 | 8cfb549c889c4bbfc39dabd836ecbdb9 |
| SHA1 | b1e6525f66a0b3f71074c1ab14e43fefc4bead5f |
| SHA256 | db5968aed17aeab1099ae3c76e35105a452f765a9b209df6af88b2c0012dcd4a |
| SHA512 | eb9b817fae55dee64004d0ea4ec9a394cd74b8c5d589ac635066cb403a0bdac7bdedac4337a5ee3c0cca69c23ac07fa2cb4fae03fe41092647c4538152fde892 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0
| MD5 | f9039792e4bf7fd26d7cbfee101c579b |
| SHA1 | 0827382ac49e6ddba70aad6819b375dd07da68a8 |
| SHA256 | 5d25869e19f3800495a5c89b3891f5683c07f3ac67b5b62d615d3a5f0db96cbe |
| SHA512 | 41116533f284ba50f3709c3aae68f89ad5c10d13f1fb6b7186dd575ae760aacd807953a717dc3418aa7a8198481abf2e85ce8ddb1ba61d653500fecffcf9bd10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd99955086c851ea_0
| MD5 | 07e057f09fd8a679cefe5d85b117bd30 |
| SHA1 | 455c873d4e6b4d54f72f3bd7daf98e17e26496a9 |
| SHA256 | 76c7836205471be5eec274761ca389dd5809d4ce68bf514487d17f5f6305129a |
| SHA512 | eb2b95daaeaebf44b749cc256fe7e410c73b02286caef80f892be9bfbaa8505799bde6fff6a39908fd7ce724c627fb93af18c75e7b8a99e9efac6ee2c14f6e38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0
| MD5 | ce36f2fd8f7e8c884d94db9f875926dd |
| SHA1 | 5bd3ff5c0678455ca122418a456e4be5181e9e33 |
| SHA256 | 66eb3731dbdd8ebd2129e3f30e01e3944e782ffdb0cc303e946b77d73f2401da |
| SHA512 | 7df8dba044ecb39b81fcf2263c3a0875ddbcab8aa44e395bad4ee24d6189da393e4697732f1b51a0c5c995b983671d55a2bcbc66116e85521ac10de6e63c9418 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0
| MD5 | 5aa16676159a615c4f2c473576de6bee |
| SHA1 | 5331596da8831404e327fc6d398166305e7b0054 |
| SHA256 | 13a6fc4c5fa0455c0bdb2703d3c2bc7c318eae7b5ea93b73c47ec78b5954950a |
| SHA512 | 7e86fcf9f46375a0fc2fc1e4bc72c2c9bd106297f5078a8e14555d2847e3e118a9f5f718048b7158e133ef9bcb7937052114840ce7d2dda4d7b096c0ecf47f30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eeaf98686b11363a_0
| MD5 | eb44aa63490539a9169ca13aae8959f6 |
| SHA1 | 32899a07e679b13ff929d6f55b2cdbec455fa0ba |
| SHA256 | 5171d9310a0b59c5bbef3d8c4fc77d7c8e2de6d1df82e01abefdd7fed5cc22c4 |
| SHA512 | 71f60c0be50627ddf3ed84ee7582022dccd6e297f7c70ec5e1cd46ce9a635fffe607f95406a5ce8f95d6d470eb0b673e3bbc1c594c104b368b4e9a963212fa8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | 6d4a65174f9523b94eab63f0a237db84 |
| SHA1 | 4446f3ba89d50b2992e0c3cb2e2703c1ed4d63c4 |
| SHA256 | ef98766385b2ddeb2e72b953e9448db4701673aa20f4903db360b2677c6e3d7a |
| SHA512 | 5b300561c513478483513b05128383f446aea691f77897057840d5dbc6ae2a670880d1daa3f36de40898c99366656abf75990369d944dd398b35fb41114c015b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0
| MD5 | 4b1cd8cf3e476560e49fd30909842e26 |
| SHA1 | 9c52de8c3328e2632c152e1c9b452ec457607984 |
| SHA256 | 8da1b1ff73718a8943099722f25cacf742c6391669d8639ac1abf105dcfd8341 |
| SHA512 | 8ad7bead839bfaedcfed8e932cc4c62e2f0ffb6163de95770e0d77b5fe091cd44d43e65e8b73993acec111fd18311066bbf6454468c58f14aabb3962c398b88a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0
| MD5 | b4df64f69bfa86291dfb7d1ee79f4bf9 |
| SHA1 | 1b3b64dce34d8b90cb437dfeae6b9de3cc5303df |
| SHA256 | 990b4dd1cb732b581f4f774b5b8ca1bb0b117bc2e9f79132d4a91451acaca0fa |
| SHA512 | b3f0e50f0f3fb8037de2672a18a3d846189a715a4d51751b072123d56db7661b249d41edb10fad4b6247ac823dca27736150efa1f5a06646d0a4ecc80eea9ee2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0
| MD5 | 94bb7b0a2ee8c54bd5520ff5d4c1032e |
| SHA1 | 7b66d0c9414d0d1336ee449b84e35420af33abf6 |
| SHA256 | 8ecbf36a22f1077da0dd067c5c9c2f6c8ea31914effb4839f80ba3828524e233 |
| SHA512 | 23579878552a5712aec4d29f782fa71f60f97c1541c22541b21218aa6e3bb717aa771489eecbfd9ab8dd8cdae58bf60e115b0f005f289c7fc0fae60430d6415d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c7f07f67850840f0_0
| MD5 | 653ef72a90bcca02f6389525f09e7e5a |
| SHA1 | 6342db53512f27f99b60f4e9354e2315671aba28 |
| SHA256 | 35b4de536405304cb8b39a80d22cd0f2867993595a56f12e7a0389003bd80ce9 |
| SHA512 | 53379b1b7fb51a0eabaa859302722b8518df727cd7645fba6f4a4773d83245745b11123a7dd2ed1ce625e89e97749b7f648c33faeaef24d147ac9ccc46837cad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | bf4b921d8b4a5020bf907f1ccd8f3a84 |
| SHA1 | 72a489fad9d0daf51197380b49bf2c48dfaebde2 |
| SHA256 | 6958c84c1af59432b8b14debdde00e4d725aafbbc321087ca9aab34fd9564b8c |
| SHA512 | de0df53b2270bbd07985e7302e25b9ad35a3763b43e5ae1b2d6f6abd713fe1d88da9453e20e2a5594da2c76ba4212f72591836e35124ec68b92a89296393cb8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0
| MD5 | 717cc89297cfcf019b0b2b9116e77d63 |
| SHA1 | 69f5943ec60f3459329acfc0bc7cb1ebf239be45 |
| SHA256 | 0841523449dc7e9b6281c1309db2411a243dd98079df9ddd2f124712c5152b97 |
| SHA512 | 64dd099d701b25d9777881318d69beb5109ed7270379c32ef1f284ff63266a4ee6c7edb997c1fed1e6568a0741315bcf3175dfd3971dcf754b0e43d796ab724a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cfe0cd2b7b98f585_0
| MD5 | 46e10c60cb49441730f20b98c2420373 |
| SHA1 | edc61a1860af21592413a5cef85485351cd77a01 |
| SHA256 | 824312d0d2b02789137d9a40a40a6c580fd443a3807ff3b6396aa653589fa671 |
| SHA512 | 34c5e1a8b85339286c37c9d1a8db7ad6c69ccaa605e4308f5ad8c744e58a9c68d8886aaae765c2953073af767b99f1d3462c8a944d85a9dbed9193b9bad1e919 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0
| MD5 | 97f63b26c59120445db0f8daf350d91c |
| SHA1 | 7a2373c69e15b09624c72ccaf531309b4391f8b9 |
| SHA256 | 72642fa02b6ae4f1a8875ad4b3bdf2559491cdf9f4cd2aea3124b48e90958b1f |
| SHA512 | c0acc7461d5c471fa47c2e5f41e17aa8f18633d231381512636803b60d39144c755130509c631bbb2f751096cd6d99c0233c1482a0e871fb830139105ec4a881 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0
| MD5 | 9798d626e6ff0d2de15791036b301631 |
| SHA1 | 40b31766d7652d799cd102134687082077a92448 |
| SHA256 | abfc99df520d94d2415e5c5e11afb77b954173baf79b8f2b2abf6901571b5f6d |
| SHA512 | f06935a5575ff541813273c7a6f3e23dcd7ab1f0c15e8c90bd714124e25d7476f9fb31b7ce150703e4a58e5fb3a9c638b150b2229c803573fecbc63caf22faa3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0
| MD5 | 2a8f16ce0d0fc3be2735d2e348fcd899 |
| SHA1 | 0338ee087b097906da9a81531e59b3a0823f9008 |
| SHA256 | b2e226a8c225d2e5998499e22483ed57f0e8159e9c7ce1df0937ddb614af41e0 |
| SHA512 | f6e311e918ac4d6d86fadced63d498bfaef95de68efff8319b80489ce4c550240a16692e672075dff2f1b4de68a73fe804a683503001687de106540b453d5e37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0
| MD5 | b2069dee99a999aa077a83fe31349581 |
| SHA1 | 6b9ae64efcdfacc8372ddd81dd315cfc378e671a |
| SHA256 | 8d11a04a9281da9d157bd77c091ab2ad9500cb508e137d5518274ee97c791c8c |
| SHA512 | 85e31300c99833e5bb4c3efc34b74f5cbf8abefab43292963759ac13c929b95486d5732b4ab3b9edbeb2efadc1392550158d7328abdf0e9dc410aa5901042fe1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0
| MD5 | 23b219a81b07d6478d5de2484609e79f |
| SHA1 | b34436adcf932b56450242fb0ea3072c8fd840a6 |
| SHA256 | f96e21a530ca1b56106f4dd8910d686e244ad1de2bf59773dd58b42ccd84d122 |
| SHA512 | 9465cc14038e51d41cbc625b5d7217c30b04bc7abe2188f48dcb32528fe3bb9c920655d786dbe558643b0ab3a504921b1574acbfd177220152b59bc1588f5140 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0
| MD5 | b1321e87c3e607b3e65247dd9a268597 |
| SHA1 | f88500ae57c7409c97af4c74619f2c33e32a22c7 |
| SHA256 | 1293e8678ba86921b0cb883dcf51fe6de239f499275ab49cf43e051e8a3a1c03 |
| SHA512 | b556d15f1a4e8c4e9504a5764cbe9eac626e962df788da6b072ea9d856eb658bef7258bff8c9af9f0d2ad3d8e081d92303cd5a1beec7fa0816854a5b5654975a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a28b766f2e67bd61_0
| MD5 | 0c98721a1d043be42c66889cbdbc434a |
| SHA1 | b23f2ad0c4909c444f21ce2012aa98017ed89eba |
| SHA256 | b41800fae46d24d3aeabb97de5b2821403c282e9b3113714613632795b93756a |
| SHA512 | 68b1206177310e0003aea2677f9df92e7b540fc59dc24d83b971c6999bb8367243334275ea607313cd7486926a78db6ccc334ecb83d601fade1bf05d5d26f9d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0
| MD5 | 7a5422d8a1269711b1653ae6208e7c58 |
| SHA1 | 1d2e1a4d1a250d0dcb85e8ea1e3ae4e567ddb002 |
| SHA256 | ace2daef007ffcfade24e2dc745daae35941464458c178ed0e59e6da2126203c |
| SHA512 | c8bd93e776b52b2074b54a35c9bad318cd55c3104d4b46853b13cbecc100cbd25ec5ecee80df0b3e53ce7a473aaf1f55e19d72e94a84213c06343fb525f33a21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82af833e9b5cc26e_0
| MD5 | 2ea5bc2ae33d01d599e0ff9812e98937 |
| SHA1 | 179f44af23043a3440c44b71a100a36a751d4385 |
| SHA256 | 6bbf285430385d8c228cc2112d9f5b96b7700f20e230807a64f023218932a025 |
| SHA512 | c19252b194aea79082d7d191364ee1c518bbd66278281200b9cb67c9d3ed99394f32365e0dc05426ace670a43f107f53515c61ca637ee157a47b8d9f8b6c8453 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0
| MD5 | b4ef18d6f4e3ffd8bb7889e05e9c7598 |
| SHA1 | e044f9972ece3b59f0ca1792a68f9947aad2ff62 |
| SHA256 | 52bea09d835001e96c83032503ac226d5b0a704ca393deb368cd5c9dccd5aa64 |
| SHA512 | 7547f27685804c23499ed5f45dcff9a46705d9990af739e8a1d8cd2ec062dc6334d371f26911ea344ed56d55d8a5768e5f30c31ed18edb37703c70ec472c9c2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0
| MD5 | 352bdd2cbbaec6a1450bb77a03f4993a |
| SHA1 | bbfc79621bfdf06ad439d3680d638ebbc0583109 |
| SHA256 | aabc42decb891b77611f357a3db93981874e8cb244577be16f48430678d62781 |
| SHA512 | 4b5a0e8974e6942d825e7e99913c788315bb8385803a52937bbc5f434b2abf6990238805f44aba8a5c6ef99f9ef72a6098e75a9bc6ef5a886cb8116a0557d13d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\242d87fe25e8b258_0
| MD5 | 444d84f18de8f2709d1101bc2e7c4131 |
| SHA1 | 94ac90199ec497850e1fb2648b8dc4e402ade39a |
| SHA256 | 50378a9273842805353a67e286d86a10a136b5b82a09dc7b700269192c8465f1 |
| SHA512 | f0ca28abca834c42bb17b7699843f62983aa971f185f66a194de986fa1ffd6931ed095202e02784da890be40bb3a7ff2a1cf9b23b32ce05fef0df7d1009313ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\36b64af6f1adf90b_0
| MD5 | 9e43277d5562b24ff9063a54d62f5e2a |
| SHA1 | 6f08d0c42306fda1f9c23e113bba664750060f02 |
| SHA256 | 8d27269b4960d8c21c604e720041bc4663db734efc9604082ae0489fce1bf94a |
| SHA512 | 374171ef0e2765214821fc8f905d8f9f8da7b9cf21f430ab437274affe55e189a29f90cc05d6e16bb12c59779fb600612b91b9abb5a79a1e36e369c5eac6de86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0
| MD5 | dd1fd979bd52b8b1b4ee8bd5b3d7aba7 |
| SHA1 | 4010b02c56afef11ef28241241a8374c27ce0315 |
| SHA256 | 81462a116f594399f2f4f0ce1e83c3700ceb7210478e3a383903bd71bbedf54d |
| SHA512 | ef195f8153796f6d70bc420b88faa64a183d22774791c1f6039104e5adc95dc6c5f0e25892cbc50c9cae78c9e5bc3ebce347f6f771313629b2cefdb65a0f44fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9fab0bb8039bdf7_0
| MD5 | 5423445b8a974e47410269d77e14ad1f |
| SHA1 | de3607eca81ebed149a7e25a8ec871bd38e3465f |
| SHA256 | a812f30def42871dc293e38201debb8b149c624dc15aed57c1afedc357ef3c0d |
| SHA512 | 586ac6ea47f7682015ac8e3e1f9266f0947845b491e96e5c96b21acfdc804a7255904e55ceae17706d78b30d159a3165d06267f2707c70714a98789b6212a9d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0
| MD5 | 040523682b81cb9e976ee1b82679bfb9 |
| SHA1 | 0a3e2ca55b355367ca705a03686e7e5871e85567 |
| SHA256 | 3a86f5a5981cd5381b5246a88834d59495f63360b9eff188053b500288424456 |
| SHA512 | 0f6f65be3a7b371a809c5a1026b7a2bd9fc85194e8cf7f83aeec7a6e4d643019cd3a392b54110b4ff9f23f4aa34e696f5d43004eec69a0ec0a5828c8ea886ba6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0
| MD5 | 2ba4890bff041e539ebfa7a1f219818c |
| SHA1 | 5bdc43596010144aaab21e03d9d02a8956362924 |
| SHA256 | e04b77b34b02f8c9149257d6153f879672651af4fdee2a36fa6c0d07695a9104 |
| SHA512 | 5c1611029e6e21fb1df1d7eaf0d4c2f7428a45a619685155dc634f44e8c43ede011b25644acb9d2fd7ce175115b100e11d5c33416981fd039118c16d12aea653 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | 9c20be7cd703625d5a73245bc863d006 |
| SHA1 | 2535b52c1f1681e92cf89931583ed1231f7dd4fb |
| SHA256 | 599a85277aac9cdeceb27dae42ffd0c58245a7001430e509eade1d5fc27d69ac |
| SHA512 | 4a939aab25517e3c05222b01f96fd93b8ea5a9654c724d52b440373c6848daa40f97859b63c473b8e5435e499c0497d9745580087af5b84653b0bb67c6729589 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0
| MD5 | 8925ba19115dd187c8cb6cab4bb0ecf6 |
| SHA1 | d4571b042c0c0d093d1aad7c0fc7376977ef74f7 |
| SHA256 | 63b7ae5ef9ddb196656468859bf42183d5f107cfe1441c30652cd6002ad94c1c |
| SHA512 | 791db0f467444be26f80020b3f61e5f8eb9aaff9a447962f67d71fd0d4aefe264771472a2b5728b83f231a30329f62454d626e3cd4dd273d961d1ea23e4f21fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0
| MD5 | b35c71812d0a9b84983f67cfd18252a9 |
| SHA1 | 63f016a67eb4f97aa457de3413ccddea148213a6 |
| SHA256 | 64c9e131a3027b9008a32dbda57a597ae3d365c33e75bf5c4a77332e70f4b288 |
| SHA512 | 3e1e506c5b43956b529790e55701c30ab0d3c502b3386d707ada7775afb54decc71b60fdeb0bc0650ed5f27999921a7acb1e26efcc8e176a6d9610775ad6d5fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8c8218aef51a783_0
| MD5 | d310c57430f80989e8864c15417308fe |
| SHA1 | bd1a4610d574b2d33a4468f5c68758a962596e0a |
| SHA256 | de77ec3af30fc33dad9eb734383e01c9de1c5d5a94ecc914966c736877efbc9a |
| SHA512 | 7d2ba85c1b414e8526c3488241df0ce361f52c2bbee182009eded2d9ffe88b18ba2996bd793cf7c34a228879d55f5dea1ebe87af110cb26308f8b61183788e72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\163cfbbbd670a71e_0
| MD5 | 30c0e1b353845bad43dfc4e624a8b190 |
| SHA1 | 15500e803659105cb8ffa6d2a82ca74acf354c4b |
| SHA256 | 4622df66afea747d04b2406306924cb470fe6005a1d058d9da007c17fadc483c |
| SHA512 | 7cd52ce726c4458bb1eec568d1409e67cb2c41c67b57699cfada9f5f1e0a1b4fdd11518a218e904174d61b97aa57a47d3cc4475d8ef51b53aaac5c90662b4b52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0
| MD5 | 2207381f69447c494426bb6a05432001 |
| SHA1 | 724c79c7155001a1a73a1ba19a3bfcce10f76be3 |
| SHA256 | 5083c794565859c60da85e553d720ea37bceaa102932daa159eb8a9c5953106d |
| SHA512 | 215611330c389262abf0ba715219a2f3f73611024c6d6bd7f3d93ce9ca224dea7cfce0560a9d0c18d24ac5d69557efa15a446dfb264c40a58c4d465a85b7bc33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\33419c1cf4e071f7_0
| MD5 | a44219db2e57aa8d3a61e77280de19ff |
| SHA1 | 329361aadc1a17810f11dc1df260d7b9d09e796f |
| SHA256 | 11012e890b4f3567c29a8ed4eb59eae626e4242649f79a9c88077deb0b726f30 |
| SHA512 | ab2ea10c73641a379aa2031c4db8468e14b313685cbea1779b02f2e7d927c60fe77db0219b67f4203f21f3ba4f00c5244f1f3545c8a2837943dd3454aa2ebd8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce003bafb7f85a78_0
| MD5 | 12f1c38d996470373d243923aece13d5 |
| SHA1 | f5c3dca9ffc72d6e51740754564417f25912a454 |
| SHA256 | 928e8a2593a728e2a784c48a3d7ad58a120e46f1d014b454b590a912eb59913a |
| SHA512 | a817a921756dcb27831c7b56d3d0cae73ad84678eb282faac981f88448587f29c85306458b7db51544eb74fd7e9727100b52ea3e3ddf1e15b0334ddbc7c03579 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be86542aba922d64_0
| MD5 | fe6484d336ce868b113e0553a9aeda58 |
| SHA1 | 4bde1e3e149f3caf6eb3568e04eb38a1fd689525 |
| SHA256 | f8809a5997afe10b1df4342f12677d13e8ba754fcf9312a121ca35662baf5bf6 |
| SHA512 | 6e77a1871037de63c6344365b340cade254879a67fdbc437d9f5fd46276d94d72082bdddfaf2315def1a6884cb26919dea9f50dab23bf6fb03bfa4ca77c183b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3c0f8dc2ad4a62bc69f17a402a90a545 |
| SHA1 | 6e3d40c7911dae2338d029404b001e6abb5ae0a2 |
| SHA256 | b7a8ba05fa2ced791eb7b7648591c6bf3361b8856f9bc78610220dbc3a279985 |
| SHA512 | 6e01653adef0b60cc9605aa1e82ca1532d49e73f62a676954121a068e670fa3dafbb76182943c3a8d285de10dd3d2130617dd06af4e465f38a9ef51a9621983b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 65d96c7da24a31cebab54d474ab0540c |
| SHA1 | d029ee8b98116f28c83ebf744d0762692af3b0a4 |
| SHA256 | 7283e8c532e235d4743a4504626296599a65ba5e2773dd7dc008a33519584686 |
| SHA512 | 8906ccf15717cabc28e8f710780511ce699f2be028e15109cb9faacf691eefd12ded2ef1f3ae1e7a76c58158bde336d1d8b9d299487c645bf1e55dab5381c8f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 8e01662903be9168b6c368070e422741 |
| SHA1 | 52d65becbc262c5599e90c3b50d5a0d0ce5de848 |
| SHA256 | ed502facbeb0931f103750cd14ac1eeef4d255ae7e84d95579f710a0564e017a |
| SHA512 | 42b810c5f1264f7f7937e4301ebd69d3fd05cd8a6f87883b054df28e7430966c033bab6eaee261a09fb8908d724ca2ff79ca10d9a51bd67bd26814f68bcbdb76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 217be7c2c2b94d492f2727a84a76a6cf |
| SHA1 | 10fd73eb330361e134f3f2c47ba0680e36c243c5 |
| SHA256 | b1641bab948ab5db030ec878e3aa76a0a94fd3a03b67f8e4ac7c53f8f4209df0 |
| SHA512 | b08ea76e5b6c4c32e081ca84f46dc1b748c33c1830c2ba11cfeb2932a9d43fbb48c4006da53f5aac264768a9eb32a408f49b8b83932d6c8694d44a1464210158 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 398c110293d50515b14f6794507f6214 |
| SHA1 | 4b1ef486ca6946848cb4bf90a3269eb3ee9c53bc |
| SHA256 | 04d4526dc9caa8dd4ad4b0711e929a91a3b6c07bf4a3d814e0fafeb00acc9715 |
| SHA512 | 1b0f7eb26d720fbb28772915aa5318a1103d55d167bec169e62b25aa4ff59610558cf2f3947539886255f0fa919349b082158627dd87f68a81abac64ba038f5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | d2610a5d8eb0910f15b4d0ba1db62ad1 |
| SHA1 | a48324d4034a4aede07736a1e1236edc09f82109 |
| SHA256 | 30cfccf9517449b44740afc542d5ef80255071b5fbf4f36d767bd479dec3fdb6 |
| SHA512 | 06c3abdb2ed0d6b9ab1f9b2172b1ac28862a8b27abbcc64250aa43302792cba76a201b2b1a180159a50658ba34657464335cee2f2cd8511e34133657bc1b60dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 735a92514dd5b86adb71e5356c2c6ab4 |
| SHA1 | e02b60e206660e237d4c810304f6523beb653906 |
| SHA256 | d1cbdf7409e6f1390aa9d87d754c120865084e698f40c7c2f4aedf8bb965c5bd |
| SHA512 | f33e058a86d2570d897ae4f7f73d0ad7c9b5d4f6717620d365426af42b0dceb15451073bd68d8e8faebecb4da5346e3c545d06f3e6c546ef5def1a233f46b7fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | dde035d148d344c412bd7ba8016cf9c6 |
| SHA1 | fb923138d1cde1f7876d03ca9d30d1accbcf6f34 |
| SHA256 | bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9 |
| SHA512 | 87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 8bd66dfc42a1353c5e996cd88dc1501f |
| SHA1 | dc779a25ab37913f3198eb6f8c4d89e2a05635a6 |
| SHA256 | ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839 |
| SHA512 | 203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 65b0f915e780d51aa0bca6313a034f32 |
| SHA1 | 3dd3659cfd5d3fe3adc95e447a0d23c214a3f580 |
| SHA256 | 27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16 |
| SHA512 | e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | b8240239d2954c163e119f17d16a9436 |
| SHA1 | c59d2272dd2cf82d340f1863ebd708a268bb20f8 |
| SHA256 | a6a63d39c4bec15266e3fb74a9657fe6cbcc1de99a2594f76589978141e000b7 |
| SHA512 | 5bedff022ec19928a21a22ef0ea4b9397c786cf4fe796a5b15148e6b19e0d0f5a7812f5a0918f72a45aa77322e0b9f194bce6dc22c3481e76e73edbb58cc8f73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 92e42e747b8ca4fc0482f2d337598e72 |
| SHA1 | 671d883f0ea3ead2f8951dc915dacea6ec7b7feb |
| SHA256 | 18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733 |
| SHA512 | d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 1ffd5a0b8ab1224f583d3fc1eba8c94d |
| SHA1 | d2d90fdec1bf2c10300e89ae2a5eb937fa0dca32 |
| SHA256 | 29e203bb5fd4cf61af444f0ad43883c83460aad226da7b74aed4fb4746eb5168 |
| SHA512 | 3333a2153f26db3dc228fab9f4d8827bd9b552e09219982f2ca9ac7a27c98250b4ae28c76cef30b52462f14228e4116f31574dda5635f44b8604069cdf3d603e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | adf2df4a8072227a229a3f8cf81dc9df |
| SHA1 | 48b588df27e0a83fa3c56d97d68700170a58bd36 |
| SHA256 | 2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c |
| SHA512 | d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 776f8153ee57cb2018ab0ccf40190148 |
| SHA1 | 92bf18b4ef553660b1b2c6e8bec88665c3bb0d9c |
| SHA256 | d4a30e3221822ff62727f5cfeec0273f9dc6517c037b744feaa85fbf8387103c |
| SHA512 | 14ace7ae5d9d9045113575ad1b9f0954542b191522642a4b594797a09f875a5204e7cc1318bac8f5acfb4baaa9d8a34cdbaeda0cd43db2109c86536ed101d188 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 07a241480e6cb8e8850e10c26896ef76 |
| SHA1 | 55c55b15bf17b9df7c18223819a57794fd6483b3 |
| SHA256 | ef3c1a0c63d71600ee199a2d493767db0f867d3e632362790ecf520011cb5d78 |
| SHA512 | a693d4736408d68907484a0b8c52118000213b262115a13dedcd3197fabf4ebb686a2005b6f10428760abcf8e7689ef04f929447d0a4e59d22e97ba5a2ee3c52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 58795165fd616e7533d2fee408040605 |
| SHA1 | 577e9fb5de2152fec8f871064351a45c5333f10e |
| SHA256 | e6f9e1b930326284938dc4e85d6fdb37e394f98e269405b9d0caa96b214de26e |
| SHA512 | b97d15c2c5ceee748a724f60568438edf1e9d1d3857e5ca233921ec92686295a3f48d2c908ff5572f970b7203ea386cf30c69afe9b5e2f10825879cd0d06f5f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3bcb0cd05a96f5aa5098c023587937a2 |
| SHA1 | 2364e40fa26e1fec60eadb9bb28bd5ac32847e29 |
| SHA256 | 0e81983732c02132b87fefe023067cd924cfeed13283ee8c85d309d2253c7aae |
| SHA512 | 2079108402264d8ef41978f30a26f9d7cd2be5c9e897613c7829f5639607580c5cc3138999484b88843e54cb829099af85f2e47f66f70a0ae1350660d78d0ea1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1ca7f67901eff1bf8d0aaeb61aeea85d |
| SHA1 | bbe9cc1582fd0e7b3d8d296b9280629f1a6fb8fe |
| SHA256 | ff0af62f66f9bedddfd7ae53bdc04cfbafaa3e2eb50f70e33012225a26b2e6e0 |
| SHA512 | 7acf56916c58023f5bd8ae44aa2fa19125624e80de7e14240b87cc8edde0ae4b5e7041f440956074d575e62b7c49bb56825e8c020496e8647abf0d6ec100352b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b462b7db3076c2cd0720bc7a3e95fd7b |
| SHA1 | 0dc1cb379834bed4550027471ac62f49e9f9f27b |
| SHA256 | 293a8af2c256e84cbd9b5b9cd7fbc62e3f0dd793968736e8f391b507f40eaadb |
| SHA512 | 99a9933c8558f84b10dda81fe6ddc31a35b148e68b8fd74ef1ab39dca75431df7cb3c0f56d2cd53fa604f0135315146e952589c1c6be3c62227d6912c7eca3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c930e339da7c86e5140c40b804f2edab |
| SHA1 | 58c71a36486c0c1871c21e44301f7f869a2c86c9 |
| SHA256 | 765ae92a8d6d080c89590a40a7f86df1f7364fc5878115d4ec8279e6c5ab046d |
| SHA512 | d59d3bf18e6c0044835e03a88249039db3e53180d01f5abc0481ac1c23b95ab9d15472e3f6d2e81690c6707c7436e4b2ff61ab29574bda916eb88e20cb0f2539 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 98baf5edb658c5d6a9c33a9a294bf7ed |
| SHA1 | 8b9d4e38a266fbb514e43ba37d9e459124c84657 |
| SHA256 | 33263dff88f4b5766c2017f1e2a91dfd7f29380234e96373e0e3eaa9fcaf82d0 |
| SHA512 | 0117a490a399cdc591a3e78b42dda8acd2c8e9631a6efb003d8cd4e098731e820dc5eff04fda2b6131a3ac3b9b42ba32879788d7fc8f16301de96be2c0b39e62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 19ec04283fbe2c38c458ddf682f7f946 |
| SHA1 | 5b2b0fcc4de0dff3f88798b350811266ea913ef9 |
| SHA256 | 03121a1a381a879e85b5d91ae432633aad06a7ae3ad24e2dbd547da2d7716bf6 |
| SHA512 | 6cb723b6537c9b13febcda5e3987e7e890e3787aa78aad218bffcc90f14d93d9df083d1d64ec4a10446bae6eafdce6849dcd789658cd041e8056064441fff1a2 |
C:\Users\Admin\Downloads\Unconfirmed 9710.crdownload
| MD5 | fb598b93c04baafe98683dc210e779c9 |
| SHA1 | c7ccd43a721a508b807c9bf6d774344df58e752f |
| SHA256 | c851749fd6c9fa19293d8ee2c5b45b3dc8561115ddfe7166fbaefcb9b353b7c4 |
| SHA512 | 1185ffe7e296eaaae50b7bd63baa6ffb8f5e76d4a897cb3800cead507a67c4e5075e677abdbf9831f3f81d01bdf1c06675a7c21985ef20a4bae5a256fd41cc0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d7f0e2b27f37d7cf1c4dd4c2ea0ad69a |
| SHA1 | 06dbf9b28edc1965c34cdb0f7c23da4de813c345 |
| SHA256 | 58fffce4f6854c022ec913bd6b4f168e7c5a755fb1305a27dd7f0a78f8557a9b |
| SHA512 | 6144436aac7b3f409a2cebaaad7e70a73663b8d98993350ec0a79a3bef31c4114648a722853105a322c42ded924f2cbf7d6509f44b4f0b4a5342c1d72f9d8f0f |
C:\Users\Admin\AppData\Local\Temp\install.bat
| MD5 | 90022f82afe48963cc42547209f18f96 |
| SHA1 | e60698c77e7df4cccc493f2cfa6d76f7553d71e2 |
| SHA256 | 046509f2b672f0f5da1b5441649873c736d81853701b67094bb319b025afb2cc |
| SHA512 | 6743f17da515c61ba1ab3df53077929d6f480f84978bcf8ae61880015221f245fde6e3a2ffe3dc937f80b37e8774dcc61838ee4ed461658b3a44f02cc0469208 |
memory/2148-1820-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c8be853849a644d567ee5107038feea5 |
| SHA1 | 765b373fde977f6e02f5cc473a4e30fa151d9fdf |
| SHA256 | 3b98ecf14952c6583419aecee863449a91a9cc0a3f2c91541c90110b47df28fa |
| SHA512 | 817823840ff0c0e0aa92668597b94c735a38f2da7295613fe08b9261f423a38eff42b1cc686dd971acea20c5c846dbe42e7c7aadf8096fa3374701a4e7a4e0f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0a2f98836f0c9725132585f0304a1a7f |
| SHA1 | a1b031e4060325c62217d2c49c615458fff30ed4 |
| SHA256 | 32f1ccf0c78b8a58d09eadb7b611b4e40d37b6f3871c4bea8528f985c3f0895b |
| SHA512 | 25717506286d2e8cc5aad45c3d6ce654b04d778489634385b062a7490a990b3db5882c44c99243f4c77594b224b52ba3b75678cfcbab7f551cc9ca8fc25c167c |
C:\Users\Admin\Downloads\Unconfirmed 625511.crdownload
| MD5 | 1d9045870dbd31e2e399a4e8ecd9302f |
| SHA1 | 7857c1ebfd1b37756d106027ed03121d8e7887cf |
| SHA256 | 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885 |
| SHA512 | 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 19ee61511ef0440994c81073624d338d |
| SHA1 | 7459ca65b9eb5b7b02e84bf3176f738169703dc5 |
| SHA256 | b98b27fea35edc3dc584271ed2fb3f1a26457c2b10ae8fe84bcbb2148195a10d |
| SHA512 | 45fe871da25f1366df3d96cd95996264ff3050646d56ca10592db787d6102435896f2ed3d6e28a2a66e0fdf250844956418df589acb3402a72b741b3613a5deb |
memory/5852-1901-0x000000001B940000-0x000000001BE0E000-memory.dmp
memory/5852-1902-0x000000001BE10000-0x000000001BEB6000-memory.dmp
memory/5176-1904-0x000000001C4D0000-0x000000001C532000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt
| MD5 | 502984a8e7a0925ac8f79ef407382140 |
| SHA1 | 0e047aa443d2101eb33ac4742720cb528d9d9dba |
| SHA256 | d25b36f2f4f5ec765a39b82f9084a9bde7eb53ac12a001e7f02df9397b83446c |
| SHA512 | 6c721b4ae08538c7ec29979da81bc433c59d6d781e0ce68174e2d0ca1abf4dbc1c353510ce65639697380ccd637b9315662d1f686fea634b7e52621590bfef17 |
memory/5168-1916-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2456-1922-0x0000000000400000-0x000000000040C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegSvcs.exe.log
| MD5 | 944402545afccaaf768f62367ad5d842 |
| SHA1 | d1598ec9409d0d59f52f9bf0da6390bb5d5b6559 |
| SHA256 | 4fc9414bd5572166acdf31288625df1f0bd34f5d0ba8888bca181258d81c85ac |
| SHA512 | 9ec3875fb0e84301992f902ef3f85c53417d759f8e9e7064a0316a556043d428ffb90f91b54fe2761fae7ce9b73ed5d536dcc51b9a696965e6c4b209ec01711c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 606dccd427b8d97cf88165afc1ea910d |
| SHA1 | c1bad023c013e196400b10f8ce9171cf6c8b47e6 |
| SHA256 | ae68e365a57851f544c282b07b1450e73b1f8d084eb3e4d7a6799fb6e5119f7a |
| SHA512 | d1237ede8f2cd1ca247c0868ac58f44d555f0ab4d347954e0423ad414effbf9a6ad83899a768d5a6d6e92f7b51a1f552476a77eedb5c60a85acecce5583da2c7 |
C:\Windows\SysWOW64\remcos\logs.dat
| MD5 | 7b22f90dd805c5a4ccf3cdc6d9834652 |
| SHA1 | be5580512ba1902096e6cdf8dccacab842a1a389 |
| SHA256 | c1353d4dad5c15799f734879898a9eecbac979ef607fbb2139572a37f49758cd |
| SHA512 | 29049a25a9f4ba90fac0de45a5bddb6d226f53d41d3d60a0b090a77c5b94cfe2bcc41d297c153b8d876b8f8912ae6112103adf96eed96cf32d04f6bd70994954 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\RevengeRAT.exe.log
| MD5 | 543dc5df3478625afefc72d81a6a1582 |
| SHA1 | 5fd3fdf398e3d1acea45111c4a5075b0e0b5412f |
| SHA256 | 949fcbdeb513a7c5b9c62b92600b9f386d123277caf1c31d81fe78e5503990ab |
| SHA512 | 5cd40d8de70f65b821d177210f54760d3ee399982e36158e2cbf8f3a6e30bdf86434af1fe2e65db1c96717fbe23c8ecc43dac4d5a977f6f5958ccaba26b4476f |
memory/5852-1972-0x000000001CD80000-0x000000001CE1C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\urb4hzih.cmdline
| MD5 | 69340b3aff93eec3bf6014abe4470b20 |
| SHA1 | abb105579055d4ef0af575a897aaf2193040c47f |
| SHA256 | 2eb1689eb7b9ca1af6f8a08ecd1ec126c163db737e6fdbd959c5507e74e3a0e6 |
| SHA512 | 0f840f84b64421d2f1fe91ed3202666e8d20edd31d0fce969c817fcc06073b52742f54cc69f93c4e7d039ff335f6baceeecf90e1f2d12a125a3e75cdf2b3d621 |
C:\Users\Admin\AppData\Local\Temp\urb4hzih.0.vb
| MD5 | eb057b2b26beedef7d931bf659fb6f18 |
| SHA1 | 3136c99b96686db9ded50aa19b55155c752551d5 |
| SHA256 | 3066d848e6fa1f1a5041286509fe0319b7e5cf96941f2f3914af9873aaeeb414 |
| SHA512 | 6d40f52117023ea3171c49cb544c13b703c220a49b7f251d9d4d14332ef637d14ca28e425e723d0906ef31ae77335e38a9e7ced009cde90645b31dde4cea8f32 |
C:\ProgramData\svchost\XjtnxDp.ico
| MD5 | 42d552558e7e6f7440b2b63a6cde217f |
| SHA1 | 9c8fa01060f667cf3b0caad33e91fa59e643cf76 |
| SHA256 | 11b5a0730666935c78d22b379f83ea5fc30d1afdea09a796b4f18b38a1e1ef69 |
| SHA512 | e6a6dc1239b9668e7ffc883b3cf46aff8c9f86ef11ae975f6fb65531d8b9313acd7608272042e322fad415a45c0cf767252d2c620ad066e6809656af0f09441b |
F:\svchost\svchost.exe:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Windows\SysWOW64\remcos\logs.dat
| MD5 | a58a65065da240e3a546a7125bb7b205 |
| SHA1 | 550b131e3aa4d4dc6cc32da828e7b160b8879c48 |
| SHA256 | 1934def35be64496ed423eb2d8c40ec5d06e03cf52470db7083776dea4ea1be9 |
| SHA512 | 7d7bac7587461748b91c6e2ac81e2b28bfc9272502dc45f137047f00b73df5a5f9b1de437a8845589adb2b334887d2c1b6930f7302c95697bc6c76656a1b3c60 |
C:\Users\Admin\Downloads\Unconfirmed 21891.crdownload
| MD5 | 29a37b6532a7acefa7580b826f23f6dd |
| SHA1 | a0f4f3a1c5e159b6e2dadaa6615c5e4eb762479f |
| SHA256 | 7a84dd83f4f00cf0723b76a6a56587bdce6d57bd8024cc9c55565a442806cf69 |
| SHA512 | a54e2b097ffdaa51d49339bd7d15d6e8770b02603e3c864a13e5945322e28eb2eebc32680c6ddddbad1d9a3001aa02e944b6cef86d4a260db7e4b50f67ac9818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | de69d544ebc4f53e6a37577a9d7d9f47 |
| SHA1 | 06abf1b52cd07dd7e484fa6815363a3f5da48d8f |
| SHA256 | 430abd9b39c943492834273cf2ecc58fe7d5a9f3e1b9586fe7cbfc8c27be29bf |
| SHA512 | bdbf2a1a841ae31785112287053aa1ba7cca18507073c6ae36df994bc975cbb5b79f81f18641bcfa7575a0e92990ee9a8be78ea5cae8e8c9692c3d2f6f0a9525 |
C:\Users\Admin\AppData\Local\Temp\vbc5EF2CDA771CB482586E71D3C1C4ADB9E.TMP
| MD5 | 3906bddee0286f09007add3cffcaa5d5 |
| SHA1 | 0e7ec4da19db060ab3c90b19070d39699561aae2 |
| SHA256 | 0deb26dcfb2f74e666344c39bd16544fcaae1a950be704b1fd4e146e77b12c00 |
| SHA512 | 0a73de0e70211323d9a8469ec60042a6892426e30ad798a39864ba123c1905d6e22cb8458a446e2f45ec19cf0233fa18d90e5f87ec987b657a35e35a49fea3b0 |
C:\Users\Admin\AppData\Local\Temp\vbc42400940C14904B5CBA0EAF0D374F.TMP
| MD5 | 85c61c03055878407f9433e0cc278eb7 |
| SHA1 | 15a60f1519aefb81cb63c5993400dd7d31b1202f |
| SHA256 | f0c9936a6fa84969548f9ffb4185b7380ceef7e8b17a3e7520e4acd1e369234b |
| SHA512 | 7099b06ac453208b8d7692882a76baceec3749d5e19abc1287783691a10c739210f6bdc3ee60592de8402ca0b9a864eb6613f77914b76aec1fc35157d0741756 |
C:\Users\Admin\AppData\Local\Temp\vbc17F722B4CCA04339B5D979114566A872.TMP
| MD5 | dac60af34e6b37e2ce48ac2551aee4e7 |
| SHA1 | 968c21d77c1f80b3e962d928c35893dbc8f12c09 |
| SHA256 | 2edc4ef99552bd0fbc52d0792de6aaa85527621f5c56d0340d9a2963cbc9eed6 |
| SHA512 | 1f1badd87be7c366221eaa184ae9b9ae0593a793f37e3c1ce2d4669c83f06de470053550890ad6781b323b201a8b9d45a5e2df5b88e01c460df45278e1228084 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f16913356c8ab87d4819207bfa80088a |
| SHA1 | 21ac71963204c50a326a633819ab3a29e5cf89cf |
| SHA256 | 22069a6d0095f2ad449f446e21f5b2647f4a72f9c712d7df1ace4cb7d0bd7a1d |
| SHA512 | 6a875ced66db63b0cf6d21f726b01c7cb5f86bd35b7f8a58446328158f8b4c01c200794f4704472454cb0141cfc523bb2100fcf58474feca3a47f654354b4260 |
C:\Windows\SysWOW64\remcos\logs.dat
| MD5 | cc230b71b999d4ce697ebaa65c2559b0 |
| SHA1 | 1b65631f205873fdeb06b8ca74ebeb685ed1eefe |
| SHA256 | bbb18b7d3da496a5fc1adba3761c0a55e0ad23254a0f353715bd9e7f32ff3767 |
| SHA512 | 4ac515f575a4b1cc381dd146ef7110559f3f158b178ac51f77b4252f78336ac0eb2469620e9adcf92b5fd429afa8054ce396b7ae05abbc9d20594094d2ac4c5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 60923118605562732a6816c2d8fc396c |
| SHA1 | 16f5dc112dac06ec62978487a352d10051c9f756 |
| SHA256 | 68e40dbfb9de67a97c4fd33ae40307950e41e35782db08113489a883c6ae59ee |
| SHA512 | 4fabefce50b1a059dc455d5c6b05fe17fccb0c802bb3943ce2ac69cb0f35dc8eab45051af5c1ca5e08f8adc0e9e7cea29b29a72dd10a0957d90f017d39c4f8e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 48bd02032f0f2341dda4d4c071f3605a |
| SHA1 | d7b80e8d350215e0c99488abecc4a793bd01adc7 |
| SHA256 | 02b89a2bb628c593222efb552f15a7e2a0acca1dc1a9886611befd10569bde6f |
| SHA512 | 1fb8a4f8d4ad267c3deb761fb55f52721cf80f55423a256ae36536b1ec6c7e484125dd3f5475ca43e588408425ae38e3aefeb9aba91227eff90f526e1594ea84 |
C:\Windows\SysWOW64\remcos\logs.dat
| MD5 | 46e27c44334377a43560025f3b98bf75 |
| SHA1 | 93cb9696bf3ce4c98901b9c174c44a62e9f99c80 |
| SHA256 | 5fbb4479b43b1b3949f47cbad166b2e9d64f9c9c6871d2c5f25f8c5af60a8e02 |
| SHA512 | 5f21fae19dc386a89d6b811a25e9fa6f23e79fe8f934de86459547cc352e13b0d033ecbba5a6e171985d442fd4705b920fefb8eece6adba076a18658de30a37f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 850eed1b726ce4b6c253d86dc6248b09 |
| SHA1 | e0fc83573c86ffdfc3764b629aed7790f1b955e1 |
| SHA256 | 32f60fc78b05535a2c14d564b79c0595f1986ecfde6abc5f42001b8177979255 |
| SHA512 | 89fd8596d711a46f2bced0d8736f509a6f0470c6eb6b2343fcf5bdc1a35ee6cee132f53f5137e06b4e907cd59c9404cf1523ec8b9b09436d325b457e078538c5 |
C:\Windows\SysWOW64\remcos\logs.dat
| MD5 | 3e5d08b9eaef43a28e043d52041138f1 |
| SHA1 | a7bbc4d58483d4e49791421efc6b2ac78fa3ffb1 |
| SHA256 | 143e2634eded30e5cd1fd6945e0261018bd1ab189d4bf9f7a34f6083de1f85b1 |
| SHA512 | d3efcfe547cc11b7e161b09f73811971ebd42adf800b909d1ac3f8dbffcafbb2f6ad1cc5ea7289c8e3fe91aaaab8d0c0175b72007bf3fe4be34056fce70cd781 |
C:\Users\Admin\Downloads\Unconfirmed 538018.crdownload
| MD5 | 055d1462f66a350d9886542d4d79bc2b |
| SHA1 | f1086d2f667d807dbb1aa362a7a809ea119f2565 |
| SHA256 | dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0 |
| SHA512 | 2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9556bc1483acfa2cea3e446195b4a3b9 |
| SHA1 | cb2a1836056dc02dcfcaeb2395401194d11c91a9 |
| SHA256 | 2f63c4e11cca7d7419aeeb28b63691ee94e69e26740e5be02ea39453050517ed |
| SHA512 | a5aa859492efefd099af81ca0c916214ac8b0a5fe2fc9f16a0ee98cfe0f54de9c7ce2ef31c088b0305f36e3a9c2a60fd8b7cdc5708103e0126102ddea8f40c4d |
C:\Windows\SysWOW64\remcos\logs.dat
| MD5 | 9ce459619563fdd6fb00c9b593ce2c66 |
| SHA1 | 19c334a3e03fceed7f116349e941fc8ee55be110 |
| SHA256 | 9816f55a9545384dc82db1aefda5080bb2b30680950a967e2e4230751466b067 |
| SHA512 | 10777e40c53970fc6e2f6f44226197914e1704d297587f947a1b4ed07e66a578b30c2a1b87e173f4d56dbda38b9958b784e454a8ac13034dd571b3389a195e2d |
memory/3180-2417-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 427052319722a96d14d48326ad5872e1 |
| SHA1 | b4979309d23e38b3658de99d92d1b8f01f7d3094 |
| SHA256 | a0a01b1a6b2b435f1f61de0aeac86b264dd8de657f0aa77177047b14df21f68c |
| SHA512 | b2e9c021604f139948b34f6e4ee273275612a77c415dd5c95f2a076b74a187b91c15aa2e416cfcbe5e21dd02dac9d71f7a42957e572739c2098d0784852fed5e |
memory/3180-2436-0x0000000000400000-0x000000000056F000-memory.dmp
F:\svchost\svchost.exe.id-CA758743.[[email protected]].ncov
| MD5 | b31e93e83a320b9abc5de086f50a69be |
| SHA1 | 887db11c7ce8e7346546b29736c28ed2868f71af |
| SHA256 | 0a3f06db4e31913f4a6f07aff4a8d0728f5f0b5665adffe751a18a5f79c2c039 |
| SHA512 | a1c1dcef8bb3cc04d648fa5ad7003b5c46d56a7ec040e65d31c7dcf2b4263f05e190ce8697b18d040904e5f3c9c08847c0e58f0c01d6e2a4ea8d1cd0a1878ad6 |
memory/3180-8361-0x0000000000400000-0x000000000056F000-memory.dmp
memory/18236-14324-0x0000000000400000-0x000000000056F000-memory.dmp
memory/20948-14417-0x0000000000400000-0x000000000056F000-memory.dmp
memory/21116-14483-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5788ca4846920510d2c8eb6ad070506d |
| SHA1 | 44828ae530330c3c7d8370a722a745b5874ec680 |
| SHA256 | e332fad739b07e9241acae9606702198ed477c2bd23d9c22e804a2e919506253 |
| SHA512 | b703319fc62008e61656dd4b43c4465e484f32d30e760fc1e051c19409ead42d2f0ce6fd413e8bb6e849a45721a9e35a37369ae4221c5ffcfd3f587e0cec0058 |
memory/18236-20113-0x0000000000400000-0x000000000056F000-memory.dmp
memory/21116-20482-0x0000000000400000-0x000000000056F000-memory.dmp
memory/18236-20389-0x0000000000400000-0x000000000056F000-memory.dmp
memory/20948-21341-0x0000000000400000-0x000000000056F000-memory.dmp
memory/21116-21145-0x0000000000400000-0x000000000056F000-memory.dmp
memory/20948-21079-0x0000000000400000-0x000000000056F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 396b409b1a6afba37f7b63e2c9bef0c7 |
| SHA1 | 33b081a2fdd2b18d86f6e8ec830fe93c89275474 |
| SHA256 | fe66ee32c15d881c671824302ec186cbd80402d793f962f67d8f3f2f4a75d2c6 |
| SHA512 | 92e515e1d94ab199c7b97d89750e8d78d904257d578674baa6b45f7659ce399b2befb2ecfe8aa65b318e5eb3d764faa07497e8b82192e6d8226b9d4c2578bb3d |
C:\Windows\SysWOW64\remcos\logs.dat
| MD5 | d0fdd26752b21037b3b73f15fd82b25f |
| SHA1 | 974c5ed22df80d6a0bc553fa93934f56f1d32b02 |
| SHA256 | b41fb1867e7e744e2d75388271bf786bee5b573a20b71370e4daf08322cc0b37 |
| SHA512 | ab2e3f88e8bce063beecb6d5c8c0e24e8bfec8552517cc9eed9e53b66128e25d77377f89518be64d6e2d186b5dff2e08fe6ecd113b5e7376a38acdbb9c660f0f |
C:\Windows\SysWOW64\remcos\logs.dat
| MD5 | 668ba23a57c90e85cfa5232edce8e9c9 |
| SHA1 | d590054f6e63bb188433f0541465ff4600952e13 |
| SHA256 | b9e5acc1a251febfd36ac8a5acbf1cf6b6ae348e99f0b6d172b5b25b0014b900 |
| SHA512 | 19f71eef8c653c05c3ea20a83edfdabcdceff44eba8e4f4d2ab665b092c37761ae0e310987bc342051812eb0fcb922037d53e835cbf2f75fdacd709e887610ad |
C:\ProgramData\svchost\Recovery.exe.id-CA758743.[[email protected]].ico
| MD5 | 9430abf1376e53c0e5cf57b89725e992 |
| SHA1 | 87d11177ee1baa392c6cca84cf4930074ad535c5 |
| SHA256 | 21f533cb537d7ff2de0ee25c84de4159c1aabcf3a1ac021b48cb21bb341dc381 |
| SHA512 | dd1e4f45f1073fe9ab7fb712a62a623072e6222457d989ee22a09426a474d49a2fb55b393e6cbd6bc36585fa6767e7dca284fa960ea8cb71819f5e2d3abfaf78 |
C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt
| MD5 | afcdb79d339b5b838d1540bf0d93bfa6 |
| SHA1 | 4864a2453754e2516850e0431de8cade3e096e43 |
| SHA256 | 3628cee0bef5a5dd39f2057b69fbf2206c4c4a320ea2b1ef687510d7aa648d95 |
| SHA512 | 38e7e92f913822cc023e220035ada6944ffbc427023687938fe5cbb7a486abad94808239f63577c195afb520fe1a1a1b14e1050c0c03c7d324ddbf7cffdc304c |
C:\Windows\SysWOW64\remcos\logs.dat
| MD5 | 27bdb1c8076fd7006a4b0bdda637816b |
| SHA1 | 5285d80aab55bd43ce90c37208f67634c6ad9cd2 |
| SHA256 | 49f7a66caebfb7989c65fbcf09c82abbf3ec48d478e1fa78925379f0dbf9ac56 |
| SHA512 | 471f08cf976814d15964c0c73b01c0048097da1ce43007debb53eb22e33c1b8ad8ae740c171b8b5b238e2deb8caa66f4aa11bc014851a04480022a3e737fcfb9 |