Malware Analysis Report

2025-04-14 08:09

Sample ID 250307-scte2s11aw
Target https://github.com/Pyran1/MalwareDatabaseUnsorted/blob/master/Samples/000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe
Tags
raccoon redline 8d179b9e611eee525425544ee8c6d77360ab7cd9 adware defense_evasion discovery infostealer persistence privilege_escalation stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/Pyran1/MalwareDatabaseUnsorted/blob/master/Samples/000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe was found to be: Known bad.

Malicious Activity Summary

raccoon redline 8d179b9e611eee525425544ee8c6d77360ab7cd9 adware defense_evasion discovery infostealer persistence privilege_escalation stealer trojan

Raccoon family

RedLine

Modifies security service

Raccoon Stealer V1 payload

Modifies WinLogon for persistence

Raccoon

Modifies firewall policy service

Adds autorun key to be loaded by Explorer.exe on startup

Redline family

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Boot or Logon Autostart Execution: Port Monitors

Event Triggered Execution: Image File Execution Options Injection

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Manipulates Digital Signatures

Boot or Logon Autostart Execution: Print Processors

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Modifies system executable filetype association

Checks BIOS information in registry

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Maps connected drives based on registry

Modifies WinLogon

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Indicator Removal: Clear Persistence

Drops file in System32 directory

Drops file in Windows directory

Browser Information Discovery

Event Triggered Execution: Netsh Helper DLL

System Location Discovery: System Language Discovery

Modifies Internet Explorer start page

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: LoadsDriver

Modifies registry class

System policy modification

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

NTFS ADS

Checks processor information in registry

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2025-03-07 14:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-07 14:59

Reported

2025-03-07 15:05

Platform

win10v2004-20250217-en

Max time kernel

360s

Max time network

319s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Pyran1/MalwareDatabaseUnsorted/blob/master/Samples/000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe

Signatures

Adds autorun key to be loaded by Explorer.exe on startup

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad C:\Users\Admin\Downloads\Fagot.a.exe N/A

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit32.exe" C:\Users\Admin\Downloads\Fagot.a.exe N/A

Modifies firewall policy service

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedInterfaces\IfIso C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedInterfaces C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\Mdm C:\Users\Admin\Downloads\Fagot.a.exe N/A

Modifies security service

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MPSSVC\PARAMETERS\ACSERVICE C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\TriggerInfo\1 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\TriggerInfo\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Security C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Parameters\PortKeywords C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\TriggerInfo C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Security C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Security C:\Users\Admin\Downloads\Fagot.a.exe N/A

Raccoon

stealer raccoon

Raccoon Stealer V1 payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Raccoon family

raccoon

RedLine

infostealer redline

Redline family

redline

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5A604D2C-E968-429B-8327-62B5CE52126D} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{23A20C3C-2ADD-4A80-AFB4-C146F8847D79} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{990CB269-A600-38D0-B7D1-FBD392495F13} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A6EADE66-0000-0000-484E-7E8A45000000} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{25FFAAD0-F4A3-4164-95FF-4461E9F35D51} C:\Users\Admin\Downloads\Fagot.a.exe N/A

Boot or Logon Autostart Execution: Port Monitors

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Local Port C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon\Ports C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint\OfflinePorts C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Microsoft Shared Fax Monitor C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Ports C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\IPP C:\Users\Admin\Downloads\Fagot.a.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\splwow64.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieUnatt.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngen.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieinstal.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SystemSettings.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrServicesUpdater.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintIsolationHost.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfeedssync.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PresentationHost.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ielowutil.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintDialog.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngentask.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ie4uinit.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runtimebroker.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvw.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExtExport.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{A7F4C378-21BE-494e-BA0F-BB12C5D208C5} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.3 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetCaps\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetCaps\{DE351A42-8E59-11D0-8C47-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\Certificates\11194FAB14616ED8259FB94DCD17CE99DAB04CDD C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{6078065b-8f22-4b13-bd9b-5b762776f386} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{D41E4F1F-A407-11D1-8BC9-00C04FA30A41} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSealedDigest\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{6078065b-8f22-4b13-bd9b-5b762776f386} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{5598CFF1-68DB-4340-B57F-1CACF88C9A51} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllProtectPrompt C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{000C10F1-0000-0000-C000-000000000046} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2011 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSealedDigest\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine C:\Users\Admin\Downloads\Fagot.a.exe N/A

Boot or Logon Autostart Execution: Print Processors

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows x64\Print Processors\winprint C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows x64\Print Processors C:\Users\Admin\Downloads\Fagot.a.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\Downloads\Fagot.a.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\IconHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runas C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\PropertySheetHandlers C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\DropHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\tabsets C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\PintoStartScreen C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Compatibility C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DropHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runas\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\DropHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\DefaultIcon C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\OpenContainingFolderMenu C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runasuser C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runasuser C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\edit\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\PropertySheetHandlers C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shellex\DropHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runasuser\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runas\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\edit C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shellex C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\DefaultIcon C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\IconHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\CLSID C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\DropHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\PropertySheetHandlers C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runas C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\print\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\print C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell C:\Users\Admin\Downloads\Fagot.a.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\dllhost32 = "C:\\Windows\\system32\\dllhost32.exe" C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\Downloads\Fagot.a.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A

Indicator Removal: Clear Persistence

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\splwow64.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runtimebroker.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvw.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieinstal.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ie4uinit.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrServicesUpdater.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintIsolationHost.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ielowutil.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExtExport.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SystemSettings.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngentask.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieUnatt.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintDialog.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PresentationHost.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngen.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfeedssync.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Users\Admin\Downloads\Fagot.a.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Maps connected drives based on registry

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum C:\Users\Admin\Downloads\Fagot.a.exe N/A

Modifies WinLogon

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName = "COCK_SUCKING_FAGGOT" C:\Users\Admin\Downloads\Fagot.a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultUserName = "COCK_SUCKING_FAGGOT" C:\Users\Admin\Downloads\Fagot.a.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\dllhost32.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\progman.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\shutdown.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\ntkrnlpa.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\alg.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\wuauclt.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\chcp.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\MDM.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\regedit.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\alg.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\ctfmon.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\imapi.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\MDM.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\services.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\wowexec.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\dllhost32.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\imapi.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\recover.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File opened for modification C:\Windows\SysWOW64\userinit32.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\bootok.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\chcp.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\dumprep.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\win.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\userinit32.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\progman.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\chkntfs.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\ntkrnlpa.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\win.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\WINDOWS\SysWOW64\userinit.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\autochk.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\dumprep.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\logon.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\services.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\wowexec.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\wuauclt.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\userinit32.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\ntoskrnl.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\ntoskrnl.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\Windows\SysWOW64\bootok.exe:SmartScreen:$DATA C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\logon.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
File created C:\windows\SysWOW64\systray.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\NOTEPAD.EXE C:\Users\Admin\Downloads\Fagot.a.exe N/A

Browser Information Discovery

discovery

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Users\Admin\Downloads\Fagot.a.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WinNuke.98.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Storport C:\Users\Admin\Downloads\Fagot.a.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 C:\Users\Admin\Downloads\Fagot.a.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{4FA211A0-FD53-11D2-ACB6-0080C877D9B9} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{39A2C2A6-4778-11D2-9BDB-204C4F4F5020} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C2C4F00A-720E-4389-AEB9-E9C4B0D93C6F} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0F6A72B9-D3C5-4FCE-89A3-4E3D19C3580A} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA\SOUNDS C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\XMLHTTP C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AF604EFE-8897-11D1-B944-00A0C90312E1} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44C79591-D0DE-49C4-BA3C-A45AB7003356} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\cnmsm5v.dll C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{EDC0F17F-F4B7-47E4-B73E-887FAEB376FA} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Capabilities\FileAssociations C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\cnmsm7b.dll C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.dir C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D9BB4CEE-B87A-47F1-AC92-B08D9C7813FC} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C46C1BC4-3C52-11D0-9200-848C1D000000} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AA13BD85-7EC0-4CC8-9958-1BB2AA32FD0B} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F2175210-368C-11D0-AD81-00A0C90DC8D9} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6C095616-6064-43CA-9180-CF1B6B6A0BE4} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3f8a6c33-e0fd-11d0-8a8c-00a0c90c2bc5} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Capabilities\SearchSuggestions C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{33d9a761-90c8-11d0-bd43-00a0c911ce86} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\cnmsm7s.dll C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Capabilities\Roaming\FormSuggestAskUser C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{931a8c29-3ea9-494d-91e7-22e9a9247687} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{81361152-FAF9-11D3-B0D3-00C04F612FF1} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6F225D94-9318-11D4-9223-005004B34F28} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\UnattendBackup\ActiveSetup\DisableFirstRunWizard C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AD5FBDB8-C518-47F7-B4F1-F1F58D21A716} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8FE85D00-4647-40B9-87E4-5EB8A52F4759} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{03405269-b4e2-11d0-8a77-00aa00a4fbc5} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{EC85D8F1-1C4E-46E4-A748-7AA04E7C0496} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Capabilities\Roaming\TabRoaming C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\ULINKS C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FF2BBC4A-6881-4294-BE0C-17535B1FCCFA} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E80353D3-677D-11d2-875E-00A0C93C09B3} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{812AE312-8B8E-11CF-93C8-00AA00C08FDF} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\Restriction Policies\Hashes\C1637989205DAFC7035F8D43D76CF87FD11E99DB C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Capabilities\MIMEAssociations C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C3EB1670-84E0-4EDA-B570-0B51AAE81679} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6F750201-1362-4815-A476-88533DE61D0C} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{02466323-75ed-11cf-a267-0020af2546ea} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E9CB13DB-20AB-43C5-B283-977C58FB5754} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E673DCF2-C316-4C6F-AA96-4E4DC6DC291E} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C679DECC-5289-4856-B504-74B11ADD424A} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{5D80A6D1-B500-47DA-82B8-EB9875F85B4D} C:\Users\Admin\Downloads\Fagot.a.exe N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "www.blacksnake.com" C:\Users\Admin\Downloads\Fagot.a.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C50E1E9-DB15-4410-89C5-D27F4B727368} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\AuxUserType\2 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\print C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F268-98B5-11CF-BB82-00AA00BDCE0B} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\shell\AddToPlaylistVLC\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\ms-quick-assist\Shell\Open\Command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\DVD\shell\PlayWithVLC C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.pptxml C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.mapimail\PersistentHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Forms.SpinButton.1 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\bootstrap.vsto.1\CLSID C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C660D7A6-D1DD-3E9D-85EB-F844791E2DAE} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B691E011-1797-432E-907A-4D8C69339129}\6.0\FLAGS C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{000C030D-0000-0000-C000-000000000046}\ProxyStubClsid32 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Word.DocumentMacroEnabled.12\shell\Printto C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.12\shell\OnenotePrintto\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DDDB704-CF99-4B8A-B746-DABB01DD13A0}\ProxyStubClsid32 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Word.OpenDocumentText.12\shell\New\command C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocFile.FLAC\shell C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\GCSXFile C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{39843BF2-C4D2-41FD-B4B2-AEDBEE5E1900}\ProxyStubClsid32 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C888351B-5DFD-3A9F-8D36-96E7770D0EBF} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.TemplateMacroEnabled\shell\New\ddeexec C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DF48072F-5EF8-434E-9B40-E2F3AE759B5F} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF032216-2C7F-4682-84C1-76EF432D840B} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDE0D630-7801-47cd-984E-1F0AFBC5ACBF}\ProgID C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{1D415254-6D7E-315C-86CC-90A641A57703} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{048FA0C2-8EBB-3BC2-A47F-01F12A32008E} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.fh\AppXj4qrs60k02d8kcd8ycgdx89mga9t57z3 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\Dependents C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\FDate.Factoid\CurVer C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DF2BBE39-40A8-433B-A279-073F48DA94B6}\1.0\FLAGS C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7}\Programmable C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{F04DAF91-E45E-301A-9038-5F5738A64FDA}\15.0.0.0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0E37EEFA-84BD-300E-8AB4-7CFC2C8C3F38}\15.0.0.0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-people C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AudioVBScript.1 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.xfdf\AcroExch.XFDFDoc C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.wmx\PersistentHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.rct C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6F81EA95-074E-48D4-AA96-62197E0AE96F}\TypeLib C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41487E33-9A10-42FE-BA3B-15FDE59D09D5} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InprocServer32 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\tel\AppXvvr0sjtc34r6nk4mhn2e608s2xp2tezg C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.png\PersistentHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF538114-BD14-53B0-B1D1-841DCAA451AD} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.12\Insertable C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mp1\shell\AddToPlaylistVLC C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\themefile\shellex C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A9BE00DF-7346-37EF-AA43-8C68F18230D8}\15.0.0.0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8351108F-34E3-3CC9-BF5A-C76C48060835}\2.0.0.0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\OrgPlusWOPX.4\shell\open C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}\1.0\0 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F73605E1-E491-4012-90BE-F8AAF1A8D179}\ProxyStubClsid32 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{51973C22-CB0C-11D0-B5C9-00A0244A0E7A}\ProxyStubClsid32 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5007373A-20D7-458F-9FFB-ABC900E3A831}\ProxyStubClsid C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9DF1F64D8EF250D42BCA10C1326BB942\SourceList\Net C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\awdvstub.exe C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.ttc\PersistentHandler C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83E4294C-E0BB-4E62-AC48-00F226021136} C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{000C037A-0000-0000-C000-000000000046} C:\Users\Admin\Downloads\Fagot.a.exe N/A

Modifies system certificate store

defense_evasion spyware trojan
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates\D73F0C22273FA4C717A3A735F7E992F31190F010 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates\CE97FCF4ABACBFC662AF418EA1D4862F951D3D5D C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\51501FBFCE69189D609CFAF140C576755DCC1FDF C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\Certificates C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\Certificates C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\Certificates\6CA22E5501CC80885FF281DD8B3338E89398EE18 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\Certificates C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CTLs C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7E04DE896A3E666D00E687D33FFAD93BE83D349E C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs\27748148BBE67A43CDBFEC6C3784862CE134E6EA C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\B68D8F953E551914324E557E6164D68B9926650C C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CTLs C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CRLs C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\06F1AA330B927B753A40E68CDF22E34BCBEF3352 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightRoot C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CRLs C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\2C85006A1A028BCC349DF23C474724C055FDE8B6 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\31F9FC8BA3805986B721EA7295C65B3A44534274 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CRLs C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\92B46C76E13054E104F230517E6E504D43AB10B5 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates\A4B37F4F6DE956922273D5CB8E7E0AAFB7033B90 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CTLs C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates\8A334AA8052DD244A647306A76B8178FA215F344 C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates\9E78FB9F9527D859700D303DFA589B3073951DCB C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\Certificates\11194FAB14616ED8259FB94DCD17CE99DAB04CDD C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\Certificates C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3B1EFD3A66EA28B16697394703A72CA340A05BD5 C:\Users\Admin\Downloads\Fagot.a.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 649753.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 594842.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 649406.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 673524.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 370119.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\Fagot.a.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4480 wrote to memory of 1276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\Users C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Users\Admin\Downloads\Fagot.a.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard C:\Users\Admin\Downloads\Fagot.a.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Pyran1/MalwareDatabaseUnsorted/blob/master/Samples/000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dbc746f8,0x7ff9dbc74708,0x7ff9dbc74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8

C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe

"C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe

"C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8

C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe

"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"

C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe

"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"

C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe

"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"

C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe

"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe

"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4056 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8

C:\Users\Admin\Downloads\WinNuke.98.exe

"C:\Users\Admin\Downloads\WinNuke.98.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

C:\Users\Admin\Downloads\Fagot.a.exe

"C:\Users\Admin\Downloads\Fagot.a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3544 /prefetch:2

C:\Windows\System32\smss.exe

\SystemRoot\System32\smss.exe 000000b0 00000084

C:\Windows\System32\smss.exe

\SystemRoot\System32\smss.exe 000000ac 00000084

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 teletop.top udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 teletop.top udp
US 8.8.8.8:53 teletop.top udp
US 8.8.8.8:53 teletop.top udp
US 8.8.8.8:53 teletop.top udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 teletop.top udp
US 8.8.8.8:53 teletop.top udp
US 8.8.8.8:53 teletop.top udp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
US 8.8.8.8:53 teletop.top udp
US 8.8.8.8:53 teletop.top udp
RU 95.181.152.12:44159 tcp
GB 20.26.156.210:443 api.github.com tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
US 8.8.8.8:53 teletop.top udp
US 8.8.8.8:53 teleta.top udp
RU 95.181.152.12:44159 tcp
US 8.8.8.8:53 teleta.top udp
US 8.8.8.8:53 teleta.top udp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
US 8.8.8.8:53 teleta.top udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 teleta.top udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
RU 95.181.152.12:44159 tcp
US 8.8.8.8:53 teleta.top udp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
US 8.8.8.8:53 teleta.top udp
US 8.8.8.8:53 teleta.top udp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
US 8.8.8.8:53 teleta.top udp
US 8.8.8.8:53 teleta.top udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
RU 95.181.152.12:44159 tcp
US 8.8.8.8:53 teleta.top udp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp
RU 95.181.152.12:44159 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 530542a18a6a8ed6ee368e1ef7dc5b6c
SHA1 dbe2ed90dc289b52318ab71c4e1afd4761458a2b
SHA256 d82bae18f65b2d3bfba38ea5eaada2191503fb0d723b8788eb4f664ac553a718
SHA512 50d2ab00f22e942d3fc7293ba30dc7cb91bff5faf91c16b970d99f59865d5f1f7c58b4e886658779cb4b15bc21cc998d04d20fe3043cf5a2379f9a6befb37571

\??\pipe\LOCAL\crashpad_4480_VGMVHVQJHJAQQNEB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0d47548749f21064e18eeb2a53583399
SHA1 6c4623c7977090ccde01d48745b02d9485de838e
SHA256 2cfa2f680e7a0b94fe69e1cf5415effa1bc7982754a4adb806c04b5666f1ac45
SHA512 148ad4ea174563b4effcf6f4a0fdf5f0c86f9637c21a11407974ab603e0867b3a0dcfd9f53b57bfec7fdf1767edd74d09fb58cb806cde17fad50158ba5cc8f40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cb6fc34faed64683507d8acb66bce865
SHA1 4ad617c221726fb94627b6688132cda2712cfe55
SHA256 7ec56d7eaa20292bc755349e83f5c016a9c9919664a5d019af0114af77043a7a
SHA512 74453618befe772e41663909a4ff55e16821a95ca19b467660f081af7ca80a439e411562ae5a4f0bdc7b9344501cda85bbfacfae4ae19010d9627939396be01e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 422a4991b3b711327cb14bfc4931c024
SHA1 7567c5c28635709982180eed73548a5c16956598
SHA256 5529d75c7b86fd802150bfea8bedff5394a61b9db2a3146f3c79f7ae1443477c
SHA512 320dd372b4983af539ff1316641fcea3393a21dc4c5a2a676605fe380b1a38901191824f2411b1c16a4b7313b710267701382b7adc2538ef605ef757c80e599b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3cb0607b054037c711f1d00e4165502f
SHA1 0ad1420d0a8fa775831c24d9a3b2f68357f579a2
SHA256 5b115828afb20e8ac73fc0882f1cff32ac99882455efaa04de9705537f376d08
SHA512 f6b35aee10910931fc8bd4925e9ccf9b91a66e2694fb3e036b0f31e9feacde4e0ca1e7d589809205f3d4df910a723447a19491248f8588a59212af4c861d5061

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 7b706f81ccfddbd2defe1dae334468b0
SHA1 8eaee7ac615073c268177d2938f08c1d72c9dd92
SHA256 fc464dd3dfc999d09fa7bb9c66eecb61dd942e386382027383dd7c8cc71a0221
SHA512 7c3a0dd7258c8ae1516e7b3f469c61d53161ee3ae8a3e82050dc70b56be2875eac8e3411636baec9a4e2a9d5cff6a552117d946f39fd9fcea4ad682d6412d995

C:\Users\Admin\Downloads\Unconfirmed 673524.crdownload

MD5 a29b233216094ad01ecd5c5405bda21c
SHA1 874b0eab36e5951df9a129ae272c627d661a69a4
SHA256 000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607
SHA512 11365254b7b91b1ea81ce84a4c05ff18b9c60f4e97c32d8c770adc9168798553768ef271ccfca812b8d10e2330fb3c95d8fbcb9a01d61454619483682cdae63e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c14d798b5bd4196e53c4c61575f3b927
SHA1 200c187b2a636aa5902f10bd04c89a179d9b2f44
SHA256 f15024aae0336de3ac32a4dca0390653a5b0cf47b97023cd62128ffa585d41fa
SHA512 14d074aee70ae200eb4755516ca8fe3327edc370aec9472e1c31ad85351aca69966c9f23cedb57ce199b6d978fdbdf4c154528efbe7fd132847b67cb2d2914e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ed23401b6e689845464cd0bf3da53646
SHA1 6e8383154ebf7717f14556c970d1d682114d6fc3
SHA256 1bd2bd37636c6e25617746120f9e131b0b58069f18e5e335f79a12c46638a285
SHA512 4a159a17a00c5f5ab4a03a094b444050ff6f3e1bf5d8be3009a63d4b40e14e3c714ab5f9f537639e93f95c045d9decef904c0fa1c4a05e8afb929dcc164f0d94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d14a.TMP

MD5 1d97a2cdb17244b8c16ff8f3fd9dd188
SHA1 b476cbf4543744b21aefb511c249676784a1f4ca
SHA256 448b0b3cc27be6bbbdf4f44d6eb0942dbae070e707ccbf7b87c0dbe523352589
SHA512 a1bda07fa6ef19f62e0bc55db95446e7466c93b236a70224c913999b694eceac79a6988c4f3ca822767a5d4e1f07fc5c96376fd895a8ffcb71a5bc833dbfa58a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d4345916e7a599252a6f5db049acca57
SHA1 198700c5fbfa61c9ac790f01008e78e4a504afa1
SHA256 962fefebe629bf9c3ae3cadaefa28e014859716170034bd6d46d8fcc599df898
SHA512 da555271a8490588c3bb71bc630f4980f4786a7fe669869ddb2a0cbd73030c029d1d18d5cd8cf216fb2a9156e0f4ac08f006b8aa78bb258459adf7d608574fa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5d7fb68098e37d4239f0e1bbcad3d2f0
SHA1 bbea7b962d30d0f7cba7855315ac65f5fe54ce8a
SHA256 7be6e2c69ca7160ab50192f80531ca3eddf8b96509403f05ef92fd0bb880b45f
SHA512 344ee47ee9ab9fd3ca379480e17f5ce168778cce382d967ec6fb5014ca9bb0b5ff2558976eef77f073098b8dde71678d9d85e18eb45fd1800b6c5308748120c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 950517922218e29149700596305c51fc
SHA1 cee311cb012f047d922038dc82768035eb98bd36
SHA256 06763c14a353d5f6935538d96d4b120cb3f2f196f9636b0bf61818050585b3d0
SHA512 98236587c98d00c8c3925eaa3764b21d4de806561fa2dfe8eaee8b4c3e004f87bc0fe230603c43e072c3f9c94b943889e7ae9fae182d79e0d3e5f84661f18638

memory/5036-258-0x0000000000400000-0x0000000000491000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 296d67fdc47426ce80c40e9f1d4e85ff
SHA1 8102cda50aa71f7729ef547511789bf0b7c1f77b
SHA256 a5044da57131aee7e32a88f6d754f7a14539b1cf2427d14e5c7630a2c5c035d1
SHA512 fdcd20f57e025f4ddea856255021988f9aa639c506429ebf12d0c14a3dba6448d10d87262a19efdd3792e3af19384128e9695e05e2c32c00fa325d97c386d0fc

memory/3368-291-0x0000000000400000-0x0000000000491000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f27ed958e1ac5d59278dbe10e34865e2
SHA1 c003f415b2942510a0f7adc5b41f7e2bc14394f4
SHA256 c3a7404c67078e04ba08b496bd13fd25416feb35d6cd8c021b2a2f79fa7b1598
SHA512 dff1a1812ff4e30dbd1cdc7addca61afed9db876813c13779446901ae0361e9cfa31ddcb67ab46a44d235971eabef17fc05f3badb926be3869ad9e2f6a43a049

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 1b2510252d927858a861b7567b09193f
SHA1 cd2ccc85e7e438aae22e27ad692c5f25cbd0b1ac
SHA256 c916ec16688b5ef1f60c29272d80b9121566c8dab4b228cc338fc8ca2447042f
SHA512 c4c610241f50e011f19e248041f8fdeb644092aba6795a5470b2a5ad516e7bf6ee9555dd99ce7376502e4bebada57469ffdce9433a74f2afa001aad9660750fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e9426563d1e1e9e3ebd5144de6e2602b
SHA1 fbbcc0b10a409e4ace9b6beff98726eb12037fa5
SHA256 4bc662b76e3abb365212a0138fc809b755f26e0a4d7ebcd665b786a0427f2d54
SHA512 081b669c115c26972d40805750e634f3b787bfb79fa5b6a6881761e216149e2b879f6d58a1fb4afea72d5afff2ec6aa548df95960571c0e78351aaaaefa1a447

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 27171ca076dd6f8d4d5456b4b654213d
SHA1 ccf3273b136bb62e84b15cfca86deb6c367767f2
SHA256 b33615918f1e91a3c17cfab5071d28b94c195ddbdef725dd1cc7819b31b552f0
SHA512 4c17fad819230ebec00b9fd4be7593344c0e946a9b9d25ea517600ae54be64b2d237b30ef68e11dc3d04a0ccb399b4beecf6f42778e0ee919c58d36dc15a2a84

C:\Users\Admin\Downloads\Unconfirmed 370119.crdownload

MD5 27c325bb5e2dc3a9fb5c0b4437bc243f
SHA1 9880c96589a67b363377cffd1c565e1e60502afa
SHA256 001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3
SHA512 916c2b7890a83e650efbedf669fef1883771d17d745a5d3affe942825da44b7467b16ee12cd83c7d6f50cb5ba92a86dfa0f7fc6124bcbc73b1ffc36cf95e6691

memory/5268-390-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/5268-392-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/5268-393-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/5268-394-0x0000000005D10000-0x0000000006328000-memory.dmp

memory/5268-395-0x00000000063D0000-0x00000000063E2000-memory.dmp

memory/5268-396-0x00000000063F0000-0x00000000064FA000-memory.dmp

memory/5268-397-0x0000000006500000-0x000000000653C000-memory.dmp

memory/5268-398-0x00000000065D0000-0x000000000661C000-memory.dmp

memory/5124-400-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/5124-401-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/428-403-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/5528-407-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/428-406-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/428-405-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/5528-408-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/5528-409-0x0000000000400000-0x00000000006FE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aa370fe05effa499d24cd01618469aa3
SHA1 b1048587447282d344149db424c02a98de0bb6f8
SHA256 c01538ba7016b6e4ba26d88c1ea5605f4988baccd99b31217fa2be680fa3a48b
SHA512 9736b7c6e093f4c8295f0d32d230bcbe66f18da2d462f42fc90bc68c194e4ae219de9dd394d1b76a3d6193f09185bb320b72bf391f5c9532d4ea0f693c9fe047

memory/2464-441-0x0000000000400000-0x00000000006FE000-memory.dmp

memory/2464-442-0x0000000000400000-0x00000000006FE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f01b22bcf6037ae11194f55ef9989dc6
SHA1 d718d632ab61ef041da873331521897b50b12609
SHA256 7a767672360d00fc7f8ed7eefa514e2d8645790430c906e6b1db62426d3fd293
SHA512 f1231fec95e31d7dcc64e99fd4c6aa3aae5924ec11f66c6a521bbee59b2271ce1ed9a66140d73b2ed5ca453e201ea9248f573dfb6472969b0aa615d0319a230d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8b4e359c8b3f8612eee24bd04a6c5060
SHA1 e162b601ac1b3af371f88ac09a515774c80e45a3
SHA256 256463b61a3df7d23b4604ca224a476f84a8869df32c8b0d64822497b0f5d767
SHA512 de2658e3ad5aa4a601784c8de2eec87bbab4173af6d2ba654de1b1450889a77948e1a913b84bf7240f276fa696535057267ce53f7bd952334548d666300fb80f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 59fedd41e3287d05e9b9c44352da74d4
SHA1 cb0e50d8060ecf457116c2711b1cfacc595763f0
SHA256 49b133300b409b02cad9a1f3ba3eede1da07d8c482b7b37d4d1a56b6166da721
SHA512 7f374c04f574347992d5aff304cea0828f8359e794ba4bb9572acdc026c0cdde704a2f77b8856f834d18cd65ddd092a84049dc427151b087ce97a1651e2ec0f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 57ec1d55c97a235e7ff3d44463dc341a
SHA1 e79b7cbfdbe0775f93a69dd2c38a39fd0a58de3b
SHA256 b89374bc4dfb12ea8d94594eaa64213972fdf2fae2c6a63c35dcb114fb6183e0
SHA512 eb62e04260d3b8cf4cb0282a8c15ea3cbefa6640766846733257443cf2b5dd79cf681c5fbb6c272e1b62892c016507705cb1cc3da9a15028f1ba706a21ccd576

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 da2c97339d5edb2b1b9d5d4abdcf20b9
SHA1 2da8bf71055220ff2ab23c787495ad99f01d3bee
SHA256 06acc4ec05acab6db327dd17efef9988af813edbd6c3a2f7b6f82d7fcfced31f
SHA512 1f9872c707bb4db34ddccfdf45f7059e1d69ff2b81a60a1dd97d6d0b84dd6799597d70ae20a306691c497b60b970d8343c00b52cd1deef2ec8f30021e12bec49

C:\Users\Admin\Downloads\Unconfirmed 649753.crdownload

MD5 a56d479405b23976f162f3a4a74e48aa
SHA1 f4f433b3f56315e1d469148bdfd835469526262f
SHA256 17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23
SHA512 f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b4b2233b2125e7753ce796a2ef64c328
SHA1 895169a08ff683073f054bc434e9ea3fe438aa1a
SHA256 36332993bf552309d3627be085065c57d771743be6c9d9616871066c3968e243
SHA512 128e22e1e25373e3009408a33aa9439d255d90bc4bb71cb3d9f00b376089068eb71d8494f4bddb437d427f515bcf2e049affc602268d529004853a4cca9cac1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 feb52abf829fb6b1087730aa58e8405f
SHA1 1ffb201a4c719ef48b0083c8704243adf41d4c89
SHA256 25151e7e5533d92457aeb32fd3a97eb80c820dd6e4e1266d6a2a637a17c0c863
SHA512 7debb203bd91d6b6b26de900f4e115dbc51a508907f3fe77e31278426c62a786dc526e4df0d5a68eb0e458ae7582e45a89bd3a68f6329c07afefff9d61a13c26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ba85b197cf67a7b1d073ce747d1670f7
SHA1 8ff03f489bb9d18490e36da8f7ad88811af3e1d9
SHA256 034f919c3509a91fd24970061b329027f53402d100d5a34144b2c0e373a6ada8
SHA512 c86caf201cb4b83a79cfba51a5214fc95634c0cae2d5d66b050729e3a7dd6d10c0e6389354113c8ea115f794fdbd7f2c629631d1dd5220dce0fccc9c82cd3781

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2fad38852d229055c094b7173c1f6978
SHA1 6c53d39a76fd1bf5fef20912bf6cad39d9296051
SHA256 87e66a96eeb3ccc6fa0dda0b8767036a9d19dea8b10d50177511f32c680f0aef
SHA512 d313330007c43ee94f0c1871b45fa1b2a3c84c65f95d75acd637f6c859b0eefc0acfad1a8335d832fa0a7a6d4e63389d07ef85974add6e1e5fa531969b31eca2

C:\Users\Admin\Downloads\Unconfirmed 594842.crdownload

MD5 eb9324121994e5e41f1738b5af8944b1
SHA1 aa63c521b64602fa9c3a73dadd412fdaf181b690
SHA256 2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a
SHA512 7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b8720c0f-3efe-42df-ac47-f24ed95295a0.tmp

MD5 c6dfbc71207b0e6a8c1dc51f90c373f1
SHA1 41990be587a665eb1a6360a0e17f0e0b80f3ae16
SHA256 7af7ee9c2adba08809bf10cf2baf1cda95c7a1a63065d5d29b9c9c89687baa3a
SHA512 b8e3aadd7b18dc0a1dfcaf6a247c454882d0ad4fb2d88185afd322cc364ced3653d696c7a423f4bd41364f0e0dea5424a5aed55b8341bcbb13b340102cfab723

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 640d9006b1ef313318582307b87c45b5
SHA1 98ac4036e0d5de134818a54938dd3e0382bc4730
SHA256 abf647afaa43f43c1696a8265a53ce3fd748b3bdb680fa671507554bec66f9a8
SHA512 cd00c9da6fc2be6012ff27c31393d84bca05e5a1e71dc29daf210f970f7b033af61f49dd21902e2d323f7f95959726fecba5c2a6b1ee07e0406e75e481dc725e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 11aeb8d8334da526e97e7a310d99e4d1
SHA1 58bd90fba502554c4340edf9182cc81486b88a66
SHA256 d38cbca08011ad6f383fc3af1c1f9abb021f8fd6f295b9e0971f4b7d5664bfea
SHA512 2c8034d23c3b58cdecc695e41f9de3636229c4c896e13a5cfe759e91c1b99f39019fb79e254bcf441923103ce140a722a813e84fdaa204defce97985b0a49a4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9ab95916df3ce897b4957ecd21bc531d
SHA1 80611442353416e1baad09153a5b46c1c3df0ac6
SHA256 c6bcc9806f3b722280667d71fe3207e21585d497b65f5ffff4124cd0eb4f1ba5
SHA512 ab22f328c27355fdd4fe03f1031189dc71aa0a16cf1b5f58236868f78059e9de1567a65b1a7c1f21bad613cea887d8b318ecccd57e09a2e96c85020d38a80a40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 19d1f461ba44611c197bd454c31a9e1a
SHA1 e8d60df57b8d4cdcd1336a9324ce153f8cc031b7
SHA256 c9809b79291d9ff8da2a16d86d34bff6d0c3b6016b38c4726dcbb08308b3a097
SHA512 36309325adbe5ccc0d4cf70f0d68c691b72584a59b763363fd6c24f0a74a3c155e081deb851ca86c7aaed22d90ff9332e8cb2315abb1d95b8359f7abba3f3c30

C:\Users\Admin\Downloads\Unconfirmed 649406.crdownload

MD5 30cdab5cf1d607ee7b34f44ab38e9190
SHA1 d4823f90d14eba0801653e8c970f47d54f655d36
SHA256 1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f
SHA512 b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3

C:\Users\Admin\Downloads\Unconfirmed 649406.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 03755b938aac83e48707d5fc8f373bce
SHA1 944530a96c134bb5c6544517f3160fb77e0a23ee
SHA256 fb04c74bad527f0b70986c5a14415e755cfd1ba37f644a1f9baf33865c6c6eb6
SHA512 c23c22ea6aebc0ad8c689d1838f4858e5dfc60d7aa4869ae51ac9c878dc22d104e75105693ff336e94567eb8cfc29411ae9b5cccc6aa5ca74f4cdda646b37341

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7f6279f711e38adcd83e4a596e2a9aef
SHA1 f01865a6c749158bab9a16e618191b8ed655a8d7
SHA256 5a174599f9c9b25ffb586d73cf860504f7e5595af7528398b64c742d1ba3c807
SHA512 807ae0eec88dff56c46e5508555da776128ea632e87361ddbf2b2f8f79dccf42012a886a0635d506004dc1d159dc2f86bba09de7b2bd288caed97a5976a5fa88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 efc4e674443645bd239c3fe93d329e73
SHA1 e73a6e19a0564de82aa5801d0d523b945eef49c8
SHA256 8d628bdc50fbe7be02b97b9e0d2d8e4a236d7e4594a9d3e2aaa683b1453a9fb4
SHA512 193241fc87ba1a40a4d70b8539f6c861e81b6264dac13409dfee7598078676f659170f25869abf4e4e863ee5c6fbdb175a3937c94c0d00b75662af7ba9b518c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\a6915810-deb5-4c1f-911d-42036540335f.dmp

MD5 c90818d9d99bfa4d465f464953bcd92f
SHA1 98b27c4d660f6f3138720e78cd6927c3d04315bf
SHA256 ec5c5b44cff13dc53b721d01d82f2a3b9ee09e5d01b6d1e05ffbff85329f36f0
SHA512 ecef09ab42fbf6f041a6206d983a72c41a5f996c130761f0d74d2803bcc8728ac33917bc613530957afc1c45b70a14164b8f7ca3e8f68405afbdd51d6d8d3103

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 1897ac06938a832e966b406338f396eb
SHA1 dfd688b453141fa07fbf94eb616db03c4e2fad6b
SHA256 ee45cc28ba4fe83813337a34cce084d9423ecd7894647719b96b7befafc11364
SHA512 cab29594ce6979c22b56fba37bb34ca5c0b7723708a49065e1dc58d68ab42d80984207cfd351d077b676d38d2bede0317ba8297deb9f696eedcee7a883f31b1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 830046cdf9c0ae18c66ab451c0c67a8b
SHA1 8c8763173b45f9f751d869b3ffcaa8b8f54120b2
SHA256 23929a828521bc566ba7b04a70b66f68ca7138b4a3c0ecf07eadecc680bb17a7
SHA512 495c87451008286022c112afb71b5f6bb2a6d2ed02f5765ead5b3d94c29733af6b8c83dcc64de6b0cd890f0cc3afc1d5fdc59140e04082a6a42d658aab2b3697

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55cccd6455a8cac8d89f5435fffa9659
SHA1 1aa9de96d667b51dd34ce96af2eb99949da8c836
SHA256 d5f804d1faf6729d432f1d3fa9e761af8d8fbe62fcfd1a20c65d0136cdf25c39
SHA512 e56bc924fca38b534f20e02a3298011e64153c4ad349fdfeb190db9308c2c0cad3f479084c25a78f1a1351efb54f462f2b0ce4c73fe09fa9b0b0ffd44703404a