Analysis Overview
Threat Level: Known bad
The file https://github.com/Pyran1/MalwareDatabaseUnsorted/blob/master/Samples/000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe was found to be: Known bad.
Malicious Activity Summary
Raccoon family
RedLine
Modifies security service
Raccoon Stealer V1 payload
Modifies WinLogon for persistence
Raccoon
Modifies firewall policy service
Adds autorun key to be loaded by Explorer.exe on startup
Redline family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Boot or Logon Autostart Execution: Port Monitors
Event Triggered Execution: Image File Execution Options Injection
Downloads MZ/PE file
Boot or Logon Autostart Execution: Active Setup
Manipulates Digital Signatures
Boot or Logon Autostart Execution: Print Processors
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Modifies system executable filetype association
Checks BIOS information in registry
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Maps connected drives based on registry
Modifies WinLogon
Adds Run key to start application
Checks installed software on the system
Installs/modifies Browser Helper Object
Indicator Removal: Clear Persistence
Drops file in System32 directory
Drops file in Windows directory
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
Modifies Internet Explorer start page
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: LoadsDriver
Modifies registry class
System policy modification
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
NTFS ADS
Checks processor information in registry
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-03-07 14:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-07 14:59
Reported
2025-03-07 15:05
Platform
win10v2004-20250217-en
Max time kernel
360s
Max time network
319s
Command Line
Signatures
Adds autorun key to be loaded by Explorer.exe on startup
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit32.exe" | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies firewall policy service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedInterfaces\IfIso | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedInterfaces | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\Mdm | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies security service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MPSSVC\PARAMETERS\ACSERVICE | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\TriggerInfo\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\TriggerInfo\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Security | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Parameters\PortKeywords | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\TriggerInfo | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Security | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Security | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Raccoon
Raccoon Stealer V1 payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Raccoon family
RedLine
Redline family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5A604D2C-E968-429B-8327-62B5CE52126D} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{23A20C3C-2ADD-4A80-AFB4-C146F8847D79} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{990CB269-A600-38D0-B7D1-FBD392495F13} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A6EADE66-0000-0000-484E-7E8A45000000} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{25FFAAD0-F4A3-4164-95FF-4461E9F35D51} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Boot or Logon Autostart Execution: Port Monitors
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Local Port | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon\Ports | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint\OfflinePorts | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Microsoft Shared Fax Monitor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Appmon | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Ports | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\WSPrint | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port\Adapters\IPP | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\splwow64.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieUnatt.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngen.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieinstal.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SystemSettings.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrServicesUpdater.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintIsolationHost.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfeedssync.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PresentationHost.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ielowutil.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintDialog.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngentask.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ie4uinit.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runtimebroker.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvw.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExtExport.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{A7F4C378-21BE-494e-BA0F-BB12C5D208C5} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.3 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{D1D04F0C-9ABA-430D-B0E4-D7E96ACCE66C} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetCaps\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetCaps\{DE351A42-8E59-11D0-8C47-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\Certificates\11194FAB14616ED8259FB94DCD17CE99DAB04CDD | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{6078065b-8f22-4b13-bd9b-5b762776f386} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{D41E4F1F-A407-11D1-8BC9-00C04FA30A41} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSealedDigest\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{6078065b-8f22-4b13-bd9b-5b762776f386} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{5598CFF1-68DB-4340-B57F-1CACF88C9A51} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllProtectPrompt | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{000C10F1-0000-0000-C000-000000000046} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2011 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{0AC5DF4B-CE07-4DE2-B76E-23C839A09FD1} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{CF78C6DE-64A2-4799-B506-89ADFF5D16D6} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSealedDigest\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Boot or Logon Autostart Execution: Print Processors
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows x64\Print Processors\winprint | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows x64\Print Processors | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Checks BIOS information in registry
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\IconHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runas | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\PropertySheetHandlers | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\DropHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\tabsets | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\PintoStartScreen | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Compatibility | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DropHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runas\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\DropHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\DefaultIcon | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\OpenContainingFolderMenu | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runasuser | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runasuser | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\edit\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\PropertySheetHandlers | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shellex\DropHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runasuser\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runas\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\edit | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shellex | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\DefaultIcon | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\IconHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\CLSID | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\DropHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\PropertySheetHandlers | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runas | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\print\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\print | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\dllhost32 = "C:\\Windows\\system32\\dllhost32.exe" | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
Indicator Removal: Clear Persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\splwow64.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runtimebroker.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvw.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieinstal.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ie4uinit.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrServicesUpdater.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintIsolationHost.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ielowutil.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExtExport.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SystemSettings.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngentask.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieUnatt.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintDialog.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PresentationHost.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngen.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfeedssync.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName = "COCK_SUCKING_FAGGOT" | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultUserName = "COCK_SUCKING_FAGGOT" | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\dllhost32.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\progman.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\shutdown.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\ntkrnlpa.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\alg.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\wuauclt.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\chcp.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\MDM.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\regedit.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\alg.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\ctfmon.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\imapi.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\MDM.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\services.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\wowexec.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\dllhost32.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\imapi.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\recover.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\userinit32.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\bootok.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\chcp.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\dumprep.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\win.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\userinit32.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\progman.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\chkntfs.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\ntkrnlpa.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\win.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\WINDOWS\SysWOW64\userinit.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\autochk.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\dumprep.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\logon.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\services.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\wowexec.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\wuauclt.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\userinit32.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\ntoskrnl.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\ntoskrnl.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\bootok.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\logon.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\systray.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\NOTEPAD.EXE | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WinNuke.98.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Storport | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
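The four tables above (NLS\Language, Enum\SCSI, CentralProcessor and the HARDWARE\DESCRIPTION tree) are the raw events behind the "System Language Discovery", "Checks SCSI registry key(s)", "Checks processor information in registry" and "Enumerates system info in registry" signatures, and the NetSh table further up is the raw event behind "Netsh Helper DLL". What makes the SCSI enumeration interesting is not the key itself but the device IDs it walks: `Ven_QEMU&Prod_QEMU_DVD-ROM` and `Ven_Msft&Prod_Virtual_DVD-ROM` are hypervisor device strings, so a process that enumerates them is fingerprinting the sandbox. The following Python triage script is an added example and not part of the report or of any tool the report describes: it parses rows in the table shape used on this page, groups registry operations per process, names which signature each key fires, and pulls out the virtual-device vendor/product tokens. The sample rows are constructed from the tables above; the signal names are mine; the VBOX and VMware tokens are an assumption (they do not appear on this page) added because they share the same `Ven_`/`Prod_` format.

```python
import re
from collections import defaultdict

# Constructed sample rows in the shape of the report's tables
# (Description | Indicator | Process | Target), copied from the event
# sections above. Not the full log.
SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
"""

# One markdown row: first three cells are operation, key, process.
ROW_RE = re.compile(r"^\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|")

# Virtual-device tokens inside Enum\SCSI device IDs. QEMU and Msft/Virtual are
# on this page; VBOX and VMware are assumed here to use the same format.
VM_DEVICE_RE = re.compile(r"Ven_(QEMU|VBOX|VMware|Msft)|Prod_(QEMU|VBOX|VMware|Virtual)", re.I)

# Signal names are this script's own; each maps to one signature on the page.
SIGNALS = [
    ("netsh_helper_key", re.compile(r"\\Microsoft\\NetSh$", re.I)),
    ("locale_check", re.compile(r"\\Control\\NLS\\Language", re.I)),
    ("scsi_enum", re.compile(r"\\Enum\\SCSI(\\|$)", re.I)),
    ("hw_fingerprint", re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System\\"
        r"(CentralProcessor|BIOS|FloatingPointProcessor|MultifunctionAdapter|VideoAdapterBusses)", re.I)),
]


def parse_rows(text):
    """Return (operation, key, process) tuples; header rows are skipped."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group(1) == "Description":
            continue
        events.append((m.group(1), m.group(2), m.group(3)))
    return events


def classify(events):
    """Map process -> signal name -> sorted distinct keys that fired it."""
    hits = defaultdict(lambda: defaultdict(set))
    for _op, key, proc in events:
        for name, pattern in SIGNALS:
            if pattern.search(key):
                hits[proc][name].add(key)
    return {p: {s: sorted(k) for s, k in sig.items()} for p, sig in hits.items()}


def vm_device_strings(events):
    """Distinct virtual-device tokens each process touched under Enum\\SCSI."""
    found = defaultdict(set)
    for _op, key, proc in events:
        if "\\Enum\\SCSI\\" not in key:
            continue
        for m in VM_DEVICE_RE.finditer(key):
            found[proc].add(m.group(0))
    return {p: sorted(v) for p, v in found.items()}


def anti_vm_verdict(events):
    """True for a process that walked Enum\\SCSI and hit a virtual-device string.
    Plain hw_fingerprint reads are not enough: msedge.exe reads BIOS values too."""
    hits = classify(events)
    vm = vm_device_strings(events)
    return {p: ("scsi_enum" in hits[p] and bool(vm.get(p))) for p in hits}


if __name__ == "__main__":
    evs = parse_rows(SAMPLE_ROWS)
    for proc, signals in classify(evs).items():
        print(proc)
        for name, keys in signals.items():
            print(f"  {name}: {len(keys)} key(s)")
        print(f"  vm device strings: {vm_device_strings(evs).get(proc, [])}")
        print(f"  anti-VM: {anti_vm_verdict(evs)[proc]}")
```

Two caveats when reading the verdict. The `hw_fingerprint` signal alone is weak: the report itself shows msedge.exe reading `BIOS\SystemManufacturer`, `BIOS\SystemProductName` and `CentralProcessor\0`, so only the combination with the SCSI walk is treated as anti-VM here. And `Ven_Msft&Prod_Virtual_DVD-ROM` is also what Windows creates on a physical host when a user mounts an ISO, so weight that token lower than `QEMU` (or the assumed `VBOX`/`VMware`) when the two do not appear together.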
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{4FA211A0-FD53-11D2-ACB6-0080C877D9B9} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{39A2C2A6-4778-11D2-9BDB-204C4F4F5020} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C2C4F00A-720E-4389-AEB9-E9C4B0D93C6F} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0F6A72B9-D3C5-4FCE-89A3-4E3D19C3580A} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA\SOUNDS | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\XMLHTTP | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AF604EFE-8897-11D1-B944-00A0C90312E1} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44C79591-D0DE-49C4-BA3C-A45AB7003356} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\cnmsm5v.dll | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{EDC0F17F-F4B7-47E4-B73E-887FAEB376FA} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Capabilities\FileAssociations | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\cnmsm7b.dll | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.dir | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D9BB4CEE-B87A-47F1-AC92-B08D9C7813FC} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C46C1BC4-3C52-11D0-9200-848C1D000000} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AA13BD85-7EC0-4CC8-9958-1BB2AA32FD0B} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F2175210-368C-11D0-AD81-00A0C90DC8D9} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6C095616-6064-43CA-9180-CF1B6B6A0BE4} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3f8a6c33-e0fd-11d0-8a8c-00a0c90c2bc5} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Capabilities\SearchSuggestions | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{33d9a761-90c8-11d0-bd43-00a0c911ce86} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\cnmsm7s.dll | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Capabilities\Roaming\FormSuggestAskUser | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{931a8c29-3ea9-494d-91e7-22e9a9247687} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{81361152-FAF9-11D3-B0D3-00C04F612FF1} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6F225D94-9318-11D4-9223-005004B34F28} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\UnattendBackup\ActiveSetup\DisableFirstRunWizard | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AD5FBDB8-C518-47F7-B4F1-F1F58D21A716} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8FE85D00-4647-40B9-87E4-5EB8A52F4759} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{03405269-b4e2-11d0-8a77-00aa00a4fbc5} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{EC85D8F1-1C4E-46E4-A748-7AA04E7C0496} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Capabilities\Roaming\TabRoaming | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\ULINKS | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FF2BBC4A-6881-4294-BE0C-17535B1FCCFA} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E80353D3-677D-11d2-875E-00A0C93C09B3} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{812AE312-8B8E-11CF-93C8-00AA00C08FDF} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\Restriction Policies\Hashes\C1637989205DAFC7035F8D43D76CF87FD11E99DB | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Capabilities\MIMEAssociations | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C3EB1670-84E0-4EDA-B570-0B51AAE81679} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6F750201-1362-4815-A476-88533DE61D0C} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{02466323-75ed-11cf-a267-0020af2546ea} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E9CB13DB-20AB-43C5-B283-977C58FB5754} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E673DCF2-C316-4C6F-AA96-4E4DC6DC291E} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C679DECC-5289-4856-B504-74B11ADD424A} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{5D80A6D1-B500-47DA-82B8-EB9875F85B4D} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "www.blacksnake.com" | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C50E1E9-DB15-4410-89C5-D27F4B727368} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\AuxUserType\2 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\IE.AssocFile.HTM\shell\print | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F268-98B5-11CF-BB82-00AA00BDCE0B} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\shell\AddToPlaylistVLC\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\ms-quick-assist\Shell\Open\Command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\DVD\shell\PlayWithVLC | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.pptxml | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.mapimail\PersistentHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Forms.SpinButton.1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\bootstrap.vsto.1\CLSID | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C660D7A6-D1DD-3E9D-85EB-F844791E2DAE} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B691E011-1797-432E-907A-4D8C69339129}\6.0\FLAGS | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{000C030D-0000-0000-C000-000000000046}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.DocumentMacroEnabled.12\shell\Printto | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.12\shell\OnenotePrintto\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DDDB704-CF99-4B8A-B746-DABB01DD13A0}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.OpenDocumentText.12\shell\New\command | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocFile.FLAC\shell | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\GCSXFile | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{39843BF2-C4D2-41FD-B4B2-AEDBEE5E1900}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C888351B-5DFD-3A9F-8D36-96E7770D0EBF} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.TemplateMacroEnabled\shell\New\ddeexec | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DF48072F-5EF8-434E-9B40-E2F3AE759B5F} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF032216-2C7F-4682-84C1-76EF432D840B} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDE0D630-7801-47cd-984E-1F0AFBC5ACBF}\ProgID | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{1D415254-6D7E-315C-86CC-90A641A57703} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{048FA0C2-8EBB-3BC2-A47F-01F12A32008E} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.fh\AppXj4qrs60k02d8kcd8ycgdx89mga9t57z3 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\Dependents | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\FDate.Factoid\CurVer | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DF2BBE39-40A8-433B-A279-073F48DA94B6}\1.0\FLAGS | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7}\Programmable | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{F04DAF91-E45E-301A-9038-5F5738A64FDA}\15.0.0.0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0E37EEFA-84BD-300E-8AB4-7CFC2C8C3F38}\15.0.0.0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-people | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AudioVBScript.1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.xfdf\AcroExch.XFDFDoc | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.wmx\PersistentHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.rct | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6F81EA95-074E-48D4-AA96-62197E0AE96F}\TypeLib | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41487E33-9A10-42FE-BA3B-15FDE59D09D5} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InprocServer32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\tel\AppXvvr0sjtc34r6nk4mhn2e608s2xp2tezg | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.png\PersistentHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF538114-BD14-53B0-B1D1-841DCAA451AD} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.12\Insertable | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mp1\shell\AddToPlaylistVLC | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\themefile\shellex | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A9BE00DF-7346-37EF-AA43-8C68F18230D8}\15.0.0.0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8351108F-34E3-3CC9-BF5A-C76C48060835}\2.0.0.0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\OrgPlusWOPX.4\shell\open | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}\1.0\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F73605E1-E491-4012-90BE-F8AAF1A8D179}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{51973C22-CB0C-11D0-B5C9-00A0244A0E7A}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5007373A-20D7-458F-9FFB-ABC900E3A831}\ProxyStubClsid | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9DF1F64D8EF250D42BCA10C1326BB942\SourceList\Net | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\awdvstub.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.ttc\PersistentHandler | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83E4294C-E0BB-4E62-AC48-00F226021136} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{000C037A-0000-0000-C000-000000000046} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates\D73F0C22273FA4C717A3A735F7E992F31190F010 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates\CE97FCF4ABACBFC662AF418EA1D4862F951D3D5D | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\51501FBFCE69189D609CFAF140C576755DCC1FDF | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\Certificates | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\Certificates | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\Certificates\6CA22E5501CC80885FF281DD8B3338E89398EE18 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\Certificates | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CTLs | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7E04DE896A3E666D00E687D33FFAD93BE83D349E | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs\27748148BBE67A43CDBFEC6C3784862CE134E6EA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\B68D8F953E551914324E557E6164D68B9926650C | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CTLs | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CRLs | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\06F1AA330B927B753A40E68CDF22E34BCBEF3352 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightRoot | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CRLs | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\2C85006A1A028BCC349DF23C474724C055FDE8B6 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\31F9FC8BA3805986B721EA7295C65B3A44534274 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\Certificates\F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CRLs | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\92B46C76E13054E104F230517E6E504D43AB10B5 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates\A4B37F4F6DE956922273D5CB8E7E0AAFB7033B90 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CTLs | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates\8A334AA8052DD244A647306A76B8178FA215F344 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates\9E78FB9F9527D859700D303DFA589B3073951DCB | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\Certificates\11194FAB14616ED8259FB94DCD17CE99DAB04CDD | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\Certificates | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3B1EFD3A66EA28B16697394703A72CA340A05BD5 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 649753.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 594842.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 649406.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 673524.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 370119.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\Users | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Pyran1/MalwareDatabaseUnsorted/blob/master/Samples/000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dbc746f8,0x7ff9dbc74708,0x7ff9dbc74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5068 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe
"C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe
"C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8
C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe
"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"
C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe
"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"
C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe
"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"
C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe
"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe
"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8
C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
C:\Users\Admin\Downloads\Fagot.a.exe
"C:\Users\Admin\Downloads\Fagot.a.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5611954814190757329,8921297092227853478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3544 /prefetch:2
C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 000000b0 00000084
C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 000000ac 00000084
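The process list above comes as pairs of lines (image path, then the full command line) and is dominated by Edge helper processes and Windows system binaries from the sandbox itself. The following Python script is an added example, not part of the sandbox report, showing how to split that listing into browser noise, OS noise and executables launched from user-writable paths, which is where the downloaded samples live. The embedded listing is a shortened excerpt of the rows above (long Edge arguments trimmed), and the prefixes treated as noise are an assumption for this Windows 10 + Edge sandbox image.

```python
"""Separate sample executions from browser/OS noise in a sandbox process list.

Added example for this page; not part of the sandbox report. Input is a
shortened excerpt of the report's process list (image path, then command line).
"""
from collections import Counter

# Excerpt constructed from the report's process list above (Edge argument
# strings shortened). Lines alternate: image path, then command line.
PROCESS_LIST = r"""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none /prefetch:8
C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe
"C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe
"C:\Users\Admin\Downloads\000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607.exe"
C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe
"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"
C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe
"C:\Users\Admin\Downloads\001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3.exe"
C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 000000b0 00000084
""".strip("\n")

# Assumed noise for this sandbox image: the browser used to fetch the samples
# and the OS install itself. Anything else runs from a user-writable location.
BROWSER_PREFIX = r"c:\program files (x86)\microsoft\edge" + "\\"
OS_PREFIX = r"c:\windows" + "\\"
QUARANTINE_MARKER = "utility-sub-type=quarantine.mojom.Quarantine"


def parse_pairs(listing):
    """Return (image_path, command_line) tuples from the alternating-line format."""
    lines = [ln for ln in listing.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected image/command-line pairs")
    return list(zip(lines[0::2], lines[1::2]))


def classify(image):
    """Bucket an image path as browser, os, or user (user-writable location)."""
    p = image.lower()
    if p.startswith(BROWSER_PREFIX):
        return "browser"
    if p.startswith(OS_PREFIX):
        return "os"
    return "user"


def triage(listing):
    """Count launches per image in each bucket; also count Edge's download
    quarantine helper launches, which accompany completed downloads."""
    counts = {"browser": Counter(), "os": Counter(), "user": Counter()}
    quarantine_launches = 0
    for image, cmdline in parse_pairs(listing):
        counts[classify(image)][image] += 1
        if QUARANTINE_MARKER in cmdline:
            quarantine_launches += 1
    return {
        "user": dict(counts["user"]),
        "os": dict(counts["os"]),
        "browser": dict(counts["browser"]),
        "quarantine_launches": quarantine_launches,
    }


if __name__ == "__main__":
    result = triage(PROCESS_LIST)
    print("Executables launched from user-writable paths:")
    for image, n in sorted(result["user"].items()):
        print(f"  {n}x  {image}")
    print("OS binaries (review manually):")
    for image, n in sorted(result["os"].items()):
        print(f"  {n}x  {image}")
    print(f"Edge download-quarantine helper launches: {result['quarantine_launches']}")
```

The OS bucket is not a clean bill of health: `rundll32.exe` and `smss.exe` are legitimate here, but the same bucket would hide a living-off-the-land launch, so the script lists it for review rather than dropping it. On the full listing the user bucket contains the two SHA256-named samples plus `WinNuke.98.exe` and `Fagot.a.exe`, with the `001aa198...` sample appearing five times.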
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | teletop.top | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | teletop.top | udp |
| US | 8.8.8.8:53 | teletop.top | udp |
| US | 8.8.8.8:53 | teletop.top | udp |
| US | 8.8.8.8:53 | teletop.top | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | teletop.top | udp |
| US | 8.8.8.8:53 | teletop.top | udp |
| US | 8.8.8.8:53 | teletop.top | udp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| US | 8.8.8.8:53 | teletop.top | udp |
| US | 8.8.8.8:53 | teletop.top | udp |
| RU | 95.181.152.12:44159 | | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| US | 8.8.8.8:53 | teletop.top | udp |
| US | 8.8.8.8:53 | teleta.top | udp |
| RU | 95.181.152.12:44159 | | tcp |
| US | 8.8.8.8:53 | teleta.top | udp |
| US | 8.8.8.8:53 | teleta.top | udp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| US | 8.8.8.8:53 | teleta.top | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | teleta.top | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| RU | 95.181.152.12:44159 | | tcp |
| US | 8.8.8.8:53 | teleta.top | udp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| US | 8.8.8.8:53 | teleta.top | udp |
| US | 8.8.8.8:53 | teleta.top | udp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| US | 8.8.8.8:53 | teleta.top | udp |
| US | 8.8.8.8:53 | teleta.top | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| US | 8.8.8.8:53 | teleta.top | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
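The Network table mixes the sandbox's own browsing (the samples were fetched from GitHub in Edge, which also talks to Bing) with traffic generated by the samples. The following Python script is an added example, not part of the sandbox report. It parses rows in the table's format and applies a simple triage heuristic: a domain that is queried on the resolver but never appears on a TCP row was not connected to (it did not resolve, or the sandbox blocked it), a TCP row with no domain is a direct-to-IP connection, and everything under a known-benign suffix is dropped. The noise suffix list is an assumption for this run, and the embedded table is an excerpt constructed from the rows above.

```python
"""Triage a sandbox Network table: drop browser/sandbox noise, keep indicators.

Added example for this page; not part of the sandbox report. The embedded
table is an excerpt of the report's Network table in the same column layout
(Country | Destination | Domain | Proto).
"""
from collections import Counter

# Excerpt constructed from the report's Network table above.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | teletop.top | udp |
| US | 8.8.8.8:53 | teletop.top | udp |
| RU | 95.181.152.12:44159 | | tcp |
| RU | 95.181.152.12:44159 | | tcp |
| US | 8.8.8.8:53 | teleta.top | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
"""

# Assumed benign for this run only: GitHub (where the samples were fetched
# from) and the Bing endpoints Edge contacts on its own. Not a general rule.
NOISE_DOMAIN_SUFFIXES = (
    "github.com", "githubusercontent.com", "githubassets.com",
    "amazonaws.com", "bing.com", "bing.net",
)
DNS_RESOLVERS = {"8.8.8.8:53"}      # sandbox resolver seen in the table
MULTICAST_DNS = "224.0.0.251:5353"  # mDNS chatter, ignored


def parse_rows(table):
    """Parse pipe-delimited rows into dicts; skips the header and malformed rows."""
    rows = []
    for line in table.splitlines()[1:]:
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        rows.append(dict(zip(("country", "dest", "domain", "proto"), cells)))
    return rows


def is_noise(domain):
    """True if the domain equals, or is a subdomain of, an assumed-benign suffix."""
    return any(domain == s or domain.endswith("." + s) for s in NOISE_DOMAIN_SUFFIXES)


def triage(table):
    """Split the table into: domains queried but never connected to,
    non-noise domains actually contacted, and direct-to-IP connections."""
    queried = Counter()
    connected = set()
    direct_ip = Counter()
    for r in parse_rows(table):
        if r["dest"] in DNS_RESOLVERS and r["proto"] == "udp":
            queried[r["domain"]] += 1          # a DNS lookup, not a connection
        elif r["dest"] == MULTICAST_DNS:
            continue
        elif r["domain"]:
            connected.add(r["domain"])         # resolved and connected
        else:
            direct_ip[r["dest"]] += 1          # no name at all: hard-coded endpoint
    unresolved = {d: n for d, n in queried.items()
                  if d not in connected and not is_noise(d)}
    contacted = {d for d in connected if not is_noise(d)}
    return {
        "unresolved_domains": unresolved,
        "contacted_domains": contacted,
        "direct_ip": dict(direct_ip),
    }


if __name__ == "__main__":
    result = triage(NETWORK_TABLE)
    print("Queried but never connected (lookup count):", result["unresolved_domains"])
    print("Non-noise domains contacted:", sorted(result["contacted_domains"]))
    print("Direct-to-IP connections (row count):", result["direct_ip"])
```

Run against the full table above, the heuristic surfaces teletop.top and teleta.top (queried repeatedly, never followed by a TCP row), the repeated TCP rows to 95.181.152.12:44159 with no associated name, and t.me as the one non-noise domain that was actually contacted. Those are the rows to pivot on; the GitHub and Bing traffic belongs to the analyst's browser session.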
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 530542a18a6a8ed6ee368e1ef7dc5b6c |
| SHA1 | dbe2ed90dc289b52318ab71c4e1afd4761458a2b |
| SHA256 | d82bae18f65b2d3bfba38ea5eaada2191503fb0d723b8788eb4f664ac553a718 |
| SHA512 | 50d2ab00f22e942d3fc7293ba30dc7cb91bff5faf91c16b970d99f59865d5f1f7c58b4e886658779cb4b15bc21cc998d04d20fe3043cf5a2379f9a6befb37571 |
\??\pipe\LOCAL\crashpad_4480_VGMVHVQJHJAQQNEB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0d47548749f21064e18eeb2a53583399 |
| SHA1 | 6c4623c7977090ccde01d48745b02d9485de838e |
| SHA256 | 2cfa2f680e7a0b94fe69e1cf5415effa1bc7982754a4adb806c04b5666f1ac45 |
| SHA512 | 148ad4ea174563b4effcf6f4a0fdf5f0c86f9637c21a11407974ab603e0867b3a0dcfd9f53b57bfec7fdf1767edd74d09fb58cb806cde17fad50158ba5cc8f40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cb6fc34faed64683507d8acb66bce865 |
| SHA1 | 4ad617c221726fb94627b6688132cda2712cfe55 |
| SHA256 | 7ec56d7eaa20292bc755349e83f5c016a9c9919664a5d019af0114af77043a7a |
| SHA512 | 74453618befe772e41663909a4ff55e16821a95ca19b467660f081af7ca80a439e411562ae5a4f0bdc7b9344501cda85bbfacfae4ae19010d9627939396be01e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 422a4991b3b711327cb14bfc4931c024 |
| SHA1 | 7567c5c28635709982180eed73548a5c16956598 |
| SHA256 | 5529d75c7b86fd802150bfea8bedff5394a61b9db2a3146f3c79f7ae1443477c |
| SHA512 | 320dd372b4983af539ff1316641fcea3393a21dc4c5a2a676605fe380b1a38901191824f2411b1c16a4b7313b710267701382b7adc2538ef605ef757c80e599b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3cb0607b054037c711f1d00e4165502f |
| SHA1 | 0ad1420d0a8fa775831c24d9a3b2f68357f579a2 |
| SHA256 | 5b115828afb20e8ac73fc0882f1cff32ac99882455efaa04de9705537f376d08 |
| SHA512 | f6b35aee10910931fc8bd4925e9ccf9b91a66e2694fb3e036b0f31e9feacde4e0ca1e7d589809205f3d4df910a723447a19491248f8588a59212af4c861d5061 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 7b706f81ccfddbd2defe1dae334468b0 |
| SHA1 | 8eaee7ac615073c268177d2938f08c1d72c9dd92 |
| SHA256 | fc464dd3dfc999d09fa7bb9c66eecb61dd942e386382027383dd7c8cc71a0221 |
| SHA512 | 7c3a0dd7258c8ae1516e7b3f469c61d53161ee3ae8a3e82050dc70b56be2875eac8e3411636baec9a4e2a9d5cff6a552117d946f39fd9fcea4ad682d6412d995 |
C:\Users\Admin\Downloads\Unconfirmed 673524.crdownload
| MD5 | a29b233216094ad01ecd5c5405bda21c |
| SHA1 | 874b0eab36e5951df9a129ae272c627d661a69a4 |
| SHA256 | 000a5351b371aded2fb7194910ee210cb029199eb65a4f755f23a4f904117607 |
| SHA512 | 11365254b7b91b1ea81ce84a4c05ff18b9c60f4e97c32d8c770adc9168798553768ef271ccfca812b8d10e2330fb3c95d8fbcb9a01d61454619483682cdae63e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c14d798b5bd4196e53c4c61575f3b927 |
| SHA1 | 200c187b2a636aa5902f10bd04c89a179d9b2f44 |
| SHA256 | f15024aae0336de3ac32a4dca0390653a5b0cf47b97023cd62128ffa585d41fa |
| SHA512 | 14d074aee70ae200eb4755516ca8fe3327edc370aec9472e1c31ad85351aca69966c9f23cedb57ce199b6d978fdbdf4c154528efbe7fd132847b67cb2d2914e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ed23401b6e689845464cd0bf3da53646 |
| SHA1 | 6e8383154ebf7717f14556c970d1d682114d6fc3 |
| SHA256 | 1bd2bd37636c6e25617746120f9e131b0b58069f18e5e335f79a12c46638a285 |
| SHA512 | 4a159a17a00c5f5ab4a03a094b444050ff6f3e1bf5d8be3009a63d4b40e14e3c714ab5f9f537639e93f95c045d9decef904c0fa1c4a05e8afb929dcc164f0d94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d14a.TMP
| MD5 | 1d97a2cdb17244b8c16ff8f3fd9dd188 |
| SHA1 | b476cbf4543744b21aefb511c249676784a1f4ca |
| SHA256 | 448b0b3cc27be6bbbdf4f44d6eb0942dbae070e707ccbf7b87c0dbe523352589 |
| SHA512 | a1bda07fa6ef19f62e0bc55db95446e7466c93b236a70224c913999b694eceac79a6988c4f3ca822767a5d4e1f07fc5c96376fd895a8ffcb71a5bc833dbfa58a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d4345916e7a599252a6f5db049acca57 |
| SHA1 | 198700c5fbfa61c9ac790f01008e78e4a504afa1 |
| SHA256 | 962fefebe629bf9c3ae3cadaefa28e014859716170034bd6d46d8fcc599df898 |
| SHA512 | da555271a8490588c3bb71bc630f4980f4786a7fe669869ddb2a0cbd73030c029d1d18d5cd8cf216fb2a9156e0f4ac08f006b8aa78bb258459adf7d608574fa5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5d7fb68098e37d4239f0e1bbcad3d2f0 |
| SHA1 | bbea7b962d30d0f7cba7855315ac65f5fe54ce8a |
| SHA256 | 7be6e2c69ca7160ab50192f80531ca3eddf8b96509403f05ef92fd0bb880b45f |
| SHA512 | 344ee47ee9ab9fd3ca379480e17f5ce168778cce382d967ec6fb5014ca9bb0b5ff2558976eef77f073098b8dde71678d9d85e18eb45fd1800b6c5308748120c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 950517922218e29149700596305c51fc |
| SHA1 | cee311cb012f047d922038dc82768035eb98bd36 |
| SHA256 | 06763c14a353d5f6935538d96d4b120cb3f2f196f9636b0bf61818050585b3d0 |
| SHA512 | 98236587c98d00c8c3925eaa3764b21d4de806561fa2dfe8eaee8b4c3e004f87bc0fe230603c43e072c3f9c94b943889e7ae9fae182d79e0d3e5f84661f18638 |
memory/5036-258-0x0000000000400000-0x0000000000491000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 296d67fdc47426ce80c40e9f1d4e85ff |
| SHA1 | 8102cda50aa71f7729ef547511789bf0b7c1f77b |
| SHA256 | a5044da57131aee7e32a88f6d754f7a14539b1cf2427d14e5c7630a2c5c035d1 |
| SHA512 | fdcd20f57e025f4ddea856255021988f9aa639c506429ebf12d0c14a3dba6448d10d87262a19efdd3792e3af19384128e9695e05e2c32c00fa325d97c386d0fc |
memory/3368-291-0x0000000000400000-0x0000000000491000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f27ed958e1ac5d59278dbe10e34865e2 |
| SHA1 | c003f415b2942510a0f7adc5b41f7e2bc14394f4 |
| SHA256 | c3a7404c67078e04ba08b496bd13fd25416feb35d6cd8c021b2a2f79fa7b1598 |
| SHA512 | dff1a1812ff4e30dbd1cdc7addca61afed9db876813c13779446901ae0361e9cfa31ddcb67ab46a44d235971eabef17fc05f3badb926be3869ad9e2f6a43a049 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 1b2510252d927858a861b7567b09193f |
| SHA1 | cd2ccc85e7e438aae22e27ad692c5f25cbd0b1ac |
| SHA256 | c916ec16688b5ef1f60c29272d80b9121566c8dab4b228cc338fc8ca2447042f |
| SHA512 | c4c610241f50e011f19e248041f8fdeb644092aba6795a5470b2a5ad516e7bf6ee9555dd99ce7376502e4bebada57469ffdce9433a74f2afa001aad9660750fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e9426563d1e1e9e3ebd5144de6e2602b |
| SHA1 | fbbcc0b10a409e4ace9b6beff98726eb12037fa5 |
| SHA256 | 4bc662b76e3abb365212a0138fc809b755f26e0a4d7ebcd665b786a0427f2d54 |
| SHA512 | 081b669c115c26972d40805750e634f3b787bfb79fa5b6a6881761e216149e2b879f6d58a1fb4afea72d5afff2ec6aa548df95960571c0e78351aaaaefa1a447 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 27171ca076dd6f8d4d5456b4b654213d |
| SHA1 | ccf3273b136bb62e84b15cfca86deb6c367767f2 |
| SHA256 | b33615918f1e91a3c17cfab5071d28b94c195ddbdef725dd1cc7819b31b552f0 |
| SHA512 | 4c17fad819230ebec00b9fd4be7593344c0e946a9b9d25ea517600ae54be64b2d237b30ef68e11dc3d04a0ccb399b4beecf6f42778e0ee919c58d36dc15a2a84 |
C:\Users\Admin\Downloads\Unconfirmed 370119.crdownload
| MD5 | 27c325bb5e2dc3a9fb5c0b4437bc243f |
| SHA1 | 9880c96589a67b363377cffd1c565e1e60502afa |
| SHA256 | 001aa198dd220207cd3e53c7e8b081dd093beb969f099d0ce61cb0cd452c14b3 |
| SHA512 | 916c2b7890a83e650efbedf669fef1883771d17d745a5d3affe942825da44b7467b16ee12cd83c7d6f50cb5ba92a86dfa0f7fc6124bcbc73b1ffc36cf95e6691 |
memory/5268-390-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/5268-392-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/5268-393-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/5268-394-0x0000000005D10000-0x0000000006328000-memory.dmp
memory/5268-395-0x00000000063D0000-0x00000000063E2000-memory.dmp
memory/5268-396-0x00000000063F0000-0x00000000064FA000-memory.dmp
memory/5268-397-0x0000000006500000-0x000000000653C000-memory.dmp
memory/5268-398-0x00000000065D0000-0x000000000661C000-memory.dmp
memory/5124-400-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/5124-401-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/428-403-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/5528-407-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/428-406-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/428-405-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/5528-408-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/5528-409-0x0000000000400000-0x00000000006FE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aa370fe05effa499d24cd01618469aa3 |
| SHA1 | b1048587447282d344149db424c02a98de0bb6f8 |
| SHA256 | c01538ba7016b6e4ba26d88c1ea5605f4988baccd99b31217fa2be680fa3a48b |
| SHA512 | 9736b7c6e093f4c8295f0d32d230bcbe66f18da2d462f42fc90bc68c194e4ae219de9dd394d1b76a3d6193f09185bb320b72bf391f5c9532d4ea0f693c9fe047 |
memory/2464-441-0x0000000000400000-0x00000000006FE000-memory.dmp
memory/2464-442-0x0000000000400000-0x00000000006FE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f01b22bcf6037ae11194f55ef9989dc6 |
| SHA1 | d718d632ab61ef041da873331521897b50b12609 |
| SHA256 | 7a767672360d00fc7f8ed7eefa514e2d8645790430c906e6b1db62426d3fd293 |
| SHA512 | f1231fec95e31d7dcc64e99fd4c6aa3aae5924ec11f66c6a521bbee59b2271ce1ed9a66140d73b2ed5ca453e201ea9248f573dfb6472969b0aa615d0319a230d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8b4e359c8b3f8612eee24bd04a6c5060 |
| SHA1 | e162b601ac1b3af371f88ac09a515774c80e45a3 |
| SHA256 | 256463b61a3df7d23b4604ca224a476f84a8869df32c8b0d64822497b0f5d767 |
| SHA512 | de2658e3ad5aa4a601784c8de2eec87bbab4173af6d2ba654de1b1450889a77948e1a913b84bf7240f276fa696535057267ce53f7bd952334548d666300fb80f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 59fedd41e3287d05e9b9c44352da74d4 |
| SHA1 | cb0e50d8060ecf457116c2711b1cfacc595763f0 |
| SHA256 | 49b133300b409b02cad9a1f3ba3eede1da07d8c482b7b37d4d1a56b6166da721 |
| SHA512 | 7f374c04f574347992d5aff304cea0828f8359e794ba4bb9572acdc026c0cdde704a2f77b8856f834d18cd65ddd092a84049dc427151b087ce97a1651e2ec0f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57ec1d55c97a235e7ff3d44463dc341a |
| SHA1 | e79b7cbfdbe0775f93a69dd2c38a39fd0a58de3b |
| SHA256 | b89374bc4dfb12ea8d94594eaa64213972fdf2fae2c6a63c35dcb114fb6183e0 |
| SHA512 | eb62e04260d3b8cf4cb0282a8c15ea3cbefa6640766846733257443cf2b5dd79cf681c5fbb6c272e1b62892c016507705cb1cc3da9a15028f1ba706a21ccd576 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | da2c97339d5edb2b1b9d5d4abdcf20b9 |
| SHA1 | 2da8bf71055220ff2ab23c787495ad99f01d3bee |
| SHA256 | 06acc4ec05acab6db327dd17efef9988af813edbd6c3a2f7b6f82d7fcfced31f |
| SHA512 | 1f9872c707bb4db34ddccfdf45f7059e1d69ff2b81a60a1dd97d6d0b84dd6799597d70ae20a306691c497b60b970d8343c00b52cd1deef2ec8f30021e12bec49 |
C:\Users\Admin\Downloads\Unconfirmed 649753.crdownload
| MD5 | a56d479405b23976f162f3a4a74e48aa |
| SHA1 | f4f433b3f56315e1d469148bdfd835469526262f |
| SHA256 | 17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23 |
| SHA512 | f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b4b2233b2125e7753ce796a2ef64c328 |
| SHA1 | 895169a08ff683073f054bc434e9ea3fe438aa1a |
| SHA256 | 36332993bf552309d3627be085065c57d771743be6c9d9616871066c3968e243 |